514 lines
27 KiB
Plaintext
514 lines
27 KiB
Plaintext
==Phrack Inc.==
|
|
|
|
Volume Four, Issue Thirty-Nine, File 11 of 13
|
|
|
|
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
|
|
PWN PWN
|
|
PWN Phrack World News PWN
|
|
PWN PWN
|
|
PWN Issue XXXIX / Part Two of Four PWN
|
|
PWN PWN
|
|
PWN Compiled by Datastream Cowboy PWN
|
|
PWN PWN
|
|
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
|
|
|
|
|
|
The Charge Of The Carders May 26, 1992
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
By Joshua Quittner (<New York> Newsday)(Page 45)
|
|
|
|
Computer criminals are after your credit-card numbers --
|
|
to steal with, sell and swap.
|
|
|
|
THE KID, from Springfield Gardens, Queens, was a carder, of course.
|
|
|
|
He was doing what carders do: trying to talk a salesman into overnight-
|
|
expressing him a $4,000 computer system -- and using a stolen credit-card
|
|
number for payment.
|
|
|
|
The salesman was playing right along on the phone; he had also notified a co-
|
|
worker to alert the New York State Police, said William Murphy, a customer
|
|
service manager at Creative Computers, who described the event as it was
|
|
unfolding on a recent Tuesday morning. Murphy said that on a typical day, as
|
|
many as a dozen times, carders would call and try to buy everything from modems
|
|
to whole computer systems.
|
|
|
|
Murphy said that these days, the security people at Creative Computers are able
|
|
to stop virtually all of them, either by not delivering the goods, or by
|
|
delivering them UPS -- that's United Police Service.
|
|
|
|
He sighed: "It's amazing that they even try."
|
|
|
|
But try they do. And at other places, they're successful. Where once hacking
|
|
into a credit bureau was a kind of rite of passage for computer intruders, who
|
|
generally did little more than look up credit histories on people like Mike
|
|
Dukakis, now computer criminals are mining national credit bureaus and mail-
|
|
order houses, coming away with credit-card numbers to sell, swap or use for
|
|
mail-order purchases.
|
|
|
|
Underground electronic bulletin board systems help spread not only the
|
|
passwords, but the techniques used to tap into different systems. In
|
|
San Diego on April 30, for instance, police raided a bulletin board called
|
|
Scantronics, which offered among other things, step-by-step manuals on how to
|
|
hack into Equifax Credit Information Services and TRW Information Services, the
|
|
largest credit bureaus in the nation, the San Diego Tribune reported.
|
|
|
|
"The potential for fraud is enormous, it's almost limitless," said Joel Lisker,
|
|
Mastercard International's vice president of security and risk management, who
|
|
noted that computer intruders accessed "thousands" of credit-card account
|
|
numbers in another recent case.
|
|
|
|
MASTERCARD is putting together a task force of its bank members to address the
|
|
problem, and is considering inviting hackers in to learn what they can do to
|
|
tighten up computer access to credit bureaus, he said.
|
|
|
|
Mastercard estimates it lost $57 million to counterfeit scams last year; Lisker
|
|
said it is impossible to say how much carders contributed. But based on the
|
|
volume of arrests lately, he figures carding has become a big problem.
|
|
|
|
"It's kind of like a farmer that sees a rat," Lisker said. "If he sees one, he
|
|
knows he has several. And if he sees several he knows he has a major
|
|
infestation. This is a major infestation."
|
|
|
|
"It's clearly something we should be concerned about," agreed Scott Charney,
|
|
chief of the U.S. Justice Department's new Computer Crime Unit. Charney said
|
|
that roughly 20 percent of the unit's current caseload involves credit-card
|
|
fraud, a number that, if nothing else, colors the notion that all hackers are
|
|
misunderstood kids, innocently exploring the world of computer networks.
|
|
|
|
"Whether such noble hackers exist, the fact of the matter is we're seeing
|
|
people out there whose motives are not that pure," he said.
|
|
|
|
On May 11, New York State Police arrested three teenagers in Springfield
|
|
Gardens when one of them went to pick up what he hoped was an Amiga 3000
|
|
computer system from Creative Computers, at a local UPS depot.
|
|
|
|
"What he wanted was a computer, monitor and modem. What he got was arrested,"
|
|
said John Kearey, a state police investigator who frequently handles computer
|
|
and telecommunications crimes. Police posed as UPS personnel and arrested the
|
|
youth, who led them to his accomplices.
|
|
|
|
Kearey said the teens said they got the stolen credit-card number from a
|
|
"hacker who they met on a bridge, they couldn't remember his name" -- an
|
|
interesting coincidence because the account number was for a next-door neighbor
|
|
of one of the youths. Police suspect that the teens, who claimed to belong to
|
|
a small hacking group called the MOB (for Men of Business) either hacked into a
|
|
credit bureau for the number, got someone else to do it, or went the low-tech
|
|
route -- "dumpster diving" for used carbon copies of credit receipts.
|
|
|
|
Indeed, most credit-card fraud has nothing to do with computer abusers.
|
|
Boiler-room operations, in which fast-talking con men get cardholders to
|
|
divulge their account numbers and expiration dates in exchange for the promise
|
|
of greatly discounted vacations or other too-good-to-be-true deals, are far and
|
|
away the most common scams, said Gregory Holmes, a spokesman for Visa.
|
|
|
|
But carders have an advantage over traditional credit-card cheats: By using
|
|
their PCs to invade credit bureaus, they can find credit-card numbers for
|
|
virtually anyone. This is useful to carders who pick specific credit-card
|
|
numbers based on location -- a neighbor is out of town for a week, which means
|
|
all you have to do is get his account number, stake out his porch and sign for
|
|
the package when the mail comes. Another advantage is address and ZIP code
|
|
verifications, once a routine way of double-checking a card's validity, are no
|
|
longer useful because carders can get that information from an account record.
|
|
|
|
"It's tough," Holmes said. "Where it becomes a major problem is following the
|
|
activity of actually getting the credit-card number; it's sent out on the black
|
|
market to a vast group of people" generally over bulletin boards. From there,
|
|
a large number of purchases can be racked up in a short period of time, well
|
|
before the cardholder is aware of the situation. While the cardholder is not
|
|
liable, the victims usually are businesses like Creative Computers, or the
|
|
credit-card company.
|
|
|
|
Murphy said his company used to get burned, although he would not divulge the
|
|
extent of its losses. "It happened until we got wise enough to their ways," he
|
|
said.
|
|
|
|
Now, with arrangements among various law enforcement agencies, telephone
|
|
companies and mail carriers, as well as a combination of call-tracing routines
|
|
and other verification methods, carders "rarely" succeed, he said. Also, a
|
|
dozen employees work on credit-card verification now, he said. "I feel sorry
|
|
for the companies that don't have the resources to devote departments to filter
|
|
these out. They're the ones that are getting hit hard."
|
|
|
|
In New York, federal, state and local police have been actively investigating
|
|
carder cases. Computers were seized and search warrants served on a number of
|
|
locations in December, as part of an ongoing federal investigation into
|
|
carding. City police arrested two youths in Queens in April after attempting
|
|
to card a $1,500 computer system from Creative Computers. They were arrested
|
|
when they tried to accept delivery.
|
|
|
|
"It's a legitimate way to make money. I know people who say they do it,"
|
|
claimed a 16-year-old Long Island hacker who uses the name JJ Flash.
|
|
|
|
While he says he eschews carding in favor of more traditional, non-malicious
|
|
hacking, JJ Flash said using a computer to break into a credit bureau is as
|
|
easy as following a recipe. He gave a keystroke-by-keystroke description of
|
|
how it's done, a fairly simple routine that involved disguising the carder's
|
|
calling location by looping through a series of packet networks and a Canadian
|
|
bank's data network, before accessing the credit bureau computer. Once
|
|
connected to the credit bureau computer, JJ Flash said a password was needed --
|
|
no problem, if you know what underground bulletin boards to check.
|
|
|
|
"It's really easy to do. I learned to do it in about thirty seconds. If you
|
|
put enough time and energy into protecting yourself, you'll never get caught,"
|
|
he said. For instance, an expert carder knows how to check his own phone line
|
|
to see if the telephone company is monitoring it, he claimed. By changing the
|
|
location of a delivery at the last minute, he said carders have evaded capture.
|
|
|
|
J J FLASH said that while most carders buy computers and equipment for
|
|
themselves, many buy televisions, videocassette recorders and other goods that
|
|
are easy to sell. "You can usually line up a buyer before its done," he said.
|
|
"If you have a $600 TV and you're selling it for $200, you will find a buyer."
|
|
|
|
He said that while TRW has tightened up security during the past year, Equifax
|
|
was still an easy target.
|
|
|
|
But John Ford, an Equifax spokesman, said he believes that hackers greatly
|
|
exaggerate their exploits. He said that in the recent San Diego case, only 12
|
|
records were accessed. "It seems to me the notion that anybody who has a PC
|
|
and a modem can sit down and break in to a system is patently untrue," he said.
|
|
"We don't have any evidence that suggests this is a frequent daily occurrence."
|
|
|
|
Regardless, Ford said his company is taking additional steps to minimize the
|
|
risk of intrusion. "If one is successful in breaking into the system, then we
|
|
are instituting some procedures that would render the information that the
|
|
hacker receives virtually useless."
|
|
|
|
Also, by frequently altering customers' passwords, truncating account
|
|
information so that entire credit-card numbers were not displayed, and possibly
|
|
encrypting other information, the system will become more secure.
|
|
|
|
"We take very seriously our responsibility to be the stewards of consumer
|
|
information," Ford said.
|
|
|
|
But others say that the credit bureaus aren't doing enough. Craig Neidorf,
|
|
publisher of Phrack, an underground electronic publication "geared to computer
|
|
and telecommunications enthusiasts," said that hacking into credit bureaus has
|
|
been going on, and has been easy to do "as long as I've been around." Neidorf
|
|
said that although he doesn't do it, associates tell him that hacking into
|
|
credit bureau's is "child's play" -- something the credit bureaus have been
|
|
careless about.
|
|
|
|
"For them not to take some basic security steps to my mind makes them
|
|
negligent," Neidorf said. "Sure you can go ahead and have the kids arrested
|
|
and yell at them, but why isn't Equifax or any of the other credit bureaus not
|
|
stopping the crime from happening in the first place? It's obvious to me that
|
|
whatever they're doing probably isn't enough."
|
|
|
|
A Recent History Of Carding
|
|
|
|
September 6, 1991: An 18-year-old American emigre, living in Israel, was
|
|
arrested there for entering military, bank and credit bureau computers. Police
|
|
said he distributed credit-card numbers to hackers in Canada and the United
|
|
States who used them to make unknown amounts of cash withdrawals.
|
|
|
|
January 13, 1992: Four university students in San Luis Obispo, California,
|
|
were arrested after charging $250,000 in merchandise to Mastercard and Visa
|
|
accounts. The computer intruders got access to some 1,600 credit-card
|
|
accounts, and used the numbers to buy, among other things: Four pairs of $130
|
|
sneakers; a $3,500 stereo; two gas barbecues and a $3,000 day at Disneyland.
|
|
|
|
February 13, 1992: Two teenagers were arrested when one of them went to pick
|
|
up two computer systems in Bellevue, Wash., using stolen credit-card numbers.
|
|
One told police that another associate had hacked into the computer system of a
|
|
mail-order house and circulated a list of 14,000 credit-card numbers through a
|
|
bulletin board.
|
|
|
|
April 17, 1992: Acting on a tip from San Diego police, two teenagers in Ohio
|
|
were arrested in connection with an investigation into a nationwide computer
|
|
hacking scheme involving credit-card fraud. Police allege "as many as a
|
|
thousand hackers" have been sharing information for four years on how to use
|
|
their computers to tap into credit bureau databases. Equifax, a credit bureau
|
|
that was penetrated, admits that a dozen records were accessed.
|
|
|
|
April 22, 1992: Two Queens teens were arrested for carding computer equipment.
|
|
_______________________________________________________________________________
|
|
|
|
Invading Your Privacy May 24, 1992
|
|
~~~~~~~~~~~~~~~~~~~~~
|
|
By Rob Johnson (The Atlanta Journal and Constitution)(Page A9)
|
|
|
|
Some do it for fun, others have more criminal intent. Regardless, computer
|
|
users have a range of techniques and weaponry when breaking into files.
|
|
"Rooting" forbidden files is hog heaven for hackers
|
|
|
|
Within an instant, he was in.
|
|
|
|
Voodoo Child, a 20-year-old college student with a stylish haircut and a well-
|
|
worn computer, had been cruising a massive researchers' network called Internet
|
|
when he stumbled upon a member account he hadn't explored for a while.
|
|
|
|
The institution performed "Star Wars" research, he later found out, but that
|
|
didn't interest him. "I don't know or care anything about physics," he said
|
|
recently. "I just wanted to get root."
|
|
|
|
And "getting root," hackers say, means accessing the very soul of a computer
|
|
system.
|
|
|
|
Working through the network, he started a program within the research
|
|
institute's computers, hoping to interrupt it at the right moment. "I figured
|
|
I just had a second," he said, gesturing with fingers arched above an imaginary
|
|
keyboard. Suddenly he pounced on the phantom keys. "And it worked."
|
|
|
|
He soon convinced the computer he was a system operator, and he built himself a
|
|
back door to Internet: He had private access to exotic supercomputers and
|
|
operating systems around the world.
|
|
|
|
Before long, though, the Atlanta-area hacker was caught, foiled by an MCI
|
|
investigator following his exploits over the long-distance phone lines.
|
|
National security experts sweated over a possible breach of top-secret
|
|
research; the investigation is continuing.
|
|
|
|
And Voodoo Child lost his computer to law enforcement.
|
|
|
|
"I was spending so much time on the computer, I failed out of college," he
|
|
said. "I would hack all night in my room, go to bed and get up at 4 in the
|
|
afternoon and start all over."
|
|
|
|
In college, he and a friend were once discovered by campus police dumpster-
|
|
diving behind the university computer building, searching for any scraps of
|
|
paper that might divulge an account number or a password that might help them
|
|
crack a computer.
|
|
|
|
Now he's sweating it out while waiting for federal agents to review his case.
|
|
"I'm cooperating fully," he said. "I don't want to go to prison. I'll do
|
|
whatever they want me to."
|
|
|
|
In the meantime, he's back in college and has taken up some art projects he'd
|
|
abandoned for the thrill of computer hacking.
|
|
|
|
The free-form days of computer hacking have definitely soured a bit -- even for
|
|
those who haven't been caught by the law.
|
|
|
|
"It's a lot more vicious," Voodoo Child said as a friend nodded in agreement.
|
|
"Card kids" -- young hackers who ferret out strangers' credit card numbers and
|
|
calling card accounts -- are wrecking the loose communal ethic that defined
|
|
hacking's earlier, friendlier days.
|
|
|
|
And other computer network users, he said, are terrified of the tactics of
|
|
sophisticated hackers who routinely attack other computer users' intelligence,
|
|
reputation and data.
|
|
|
|
"I used to run a BBS [electronic bulletin board system] for people who wanted
|
|
to learn about hacking," Voodoo Child said. "But I never posted anything
|
|
illegal. It was just for people who had questions, who wanted to do it
|
|
properly."
|
|
|
|
Doing it properly, several Atlanta-area hackers say, means exploring the gaps
|
|
in computer networks and corporate systems. They say it's an intellectual
|
|
exercise -- and an outright thrill -- to sneak into someone else's computer.
|
|
|
|
During a recent interview, Voodoo Child and a friend with a valid Internet
|
|
account dialed up the giant network, where some of their counterparts were
|
|
waiting for a reporter to ask them some questions.
|
|
|
|
"Did you get that information on the Atlanta Constitution reporter you were
|
|
asking about?" a faceless stranger asked.
|
|
|
|
A startled reporter saw his credit report and credit card numbers flashed
|
|
across the screen. Voodoo Child offered up the keyboard -- an introduction of
|
|
sorts to a mysterious, intimidating accomplice from deep inside the digital
|
|
otherworld. "Go ahead," he said. "Ask him anything you want."
|
|
_______________________________________________________________________________
|
|
|
|
KV4FZ: Guilty Of Telephone Toll Fraud May 15, 1992
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
By John Rice (rice@ttd.teradyne.com) in TELECOM Digest V12 #412
|
|
|
|
St. Croix ham operator, Herbert L. "Herb" Schoenbohm, KV4FZ, has been found
|
|
guilty in federal court of knowingly defrauding a Virgin Islands long-distance
|
|
telephone service reseller. He was convicted April 24th of possessing and
|
|
using up to fifteen unauthorized telephone access devices in interstate and
|
|
foreign commerce nearly five years ago.
|
|
|
|
The stolen long distance telephone access codes belonged to the Caribbean
|
|
Automated Long Lines Service, Inc. (CALLS) of St. Thomas, U.S. Virgin Islands.
|
|
Schoenbohm was found to have made more than $1,000 in unauthorized telephone
|
|
calls -- although the prosecution said he was responsible for far more.
|
|
|
|
According to the Virgin Islands Daily News, Schoenbohm, who is also the St.
|
|
Croix Police Chief of Communications, showed no emotion when he was pronounced
|
|
guilty of the charges by a 12 member jury in U.S District Court in
|
|
Christiansted. The case was heard by visiting District Judge Anne Thompson.
|
|
|
|
Neither Schoenbohm or his defense attorney, Julio Brady, would comment on the
|
|
verdict. The jury deliberated about seven hours. The sentencing, which has
|
|
been set for June 26, 1992, will be handled by another visiting judge not
|
|
familiar with the case.
|
|
|
|
Schoenbohm, who is Vice Chairman of the V.I. Republican Committee, has been
|
|
released pending sentencing although his bail was increased from $5,000 to
|
|
$25,000. While he could receive a maximum of ten years on each count,
|
|
Assistant U.S. Attorney Alphonse Andrews said Schoenbohm probably will spend no
|
|
more than eight months in prison since all three counts are similar and will be
|
|
merged.
|
|
|
|
Much of the evidence on the four day trial involved people who received
|
|
unauthorized telephone calls from KV4FZ during a 1987 period recorded by the
|
|
CALLS computer. Since the incident took place more than five years ago, many
|
|
could not pinpoint the exact date of the telephone calls.
|
|
|
|
The prosecution produced 20 witnesses from various U.S locations, including
|
|
agents from the Secret Service, the U.S. Marshals Service, Treasury Department
|
|
and Federal Communications Commission. In addition ham operators testified for
|
|
the prosecution.
|
|
|
|
Schoenbohm was portrayed as a criminal who had defrauded calls out of hundreds
|
|
of thousands of dollars. Schoenbohm admitted using the service as a paying
|
|
customer, said it did not work and that he terminated the service and never
|
|
used it again. He feels that there was much political pressure to get him
|
|
tried and convicted since he had been writing unfavorably articles about
|
|
Representative DeLugo, a non-voting delegate to Congress from the Virgin
|
|
Islands, including his writing of 106 bad checks during the recent rubbergate
|
|
scandal.
|
|
|
|
Most, but not all the ham operators in attendance were totally opposed to
|
|
KV4FZ. Bob Sherrin, W4ASX from Miami attended the trial as a defense character
|
|
witness. Sherrin told us that he felt the conviction would be overturned on
|
|
appeal and that Schoenbohm got a raw deal. "They actually only proved that he
|
|
made $50 in unauthorized calls but the jury was made to believe it was $1,000."
|
|
|
|
Schoenbohm's attorney asked for a continuance due to newly discovered evidence,
|
|
but that was denied. There also is a question as to whether the jury could
|
|
even understand the technology involved. "Even his own lawyer couldn't
|
|
understand it, and prepared an inept case," Sherrin said. "I think he was
|
|
railroaded. They were out to get him. There were a lot of ham net members
|
|
there and they were all anti-Herb Schoenbohm. The only people that appeared
|
|
normal and neutral were the FCC. The trial probably cost them a million
|
|
dollars. All his enemies joined to bring home this verdict."
|
|
|
|
Schoenbohm had been suspended with pay from the police department job since
|
|
being indicted by the St. Croix grand jury. His status will be changed to
|
|
suspension without pay if there is an appeal. Termination will be automatic if
|
|
the conviction is upheld. Schoenbohm's wife was recently laid off from her job
|
|
at Pan Am when the airline closed down. Financially, it could be very
|
|
difficult for KV4FZ to organize an appeal with no money coming in.
|
|
|
|
The day after the KV4FZ conviction, Schoenbohm who is the Republican Committee
|
|
vice chairman was strangely named at a territorial convention as one of eight
|
|
delegates to attend the GOP national convention in Houston this August. He was
|
|
nominated at the caucus even though his felony conviction was known to
|
|
everyone. Schoenbohm had even withdrawn his name from consideration since he
|
|
was now a convicted felon.
|
|
|
|
The Virgin Island Daily News later reported that Schoenbohm will not be
|
|
attending the GOP national convention. "Schoenbohm said he came to the
|
|
conclusion that my remaining energies must be spent in putting my life back
|
|
together and doing what I can to restore my reputation. I also felt that any
|
|
publicity in association with my selection may be used by critics against the
|
|
positive efforts of the Virgin Islands delegation."
|
|
|
|
Schoenbohm has been very controversial and vocal on the ham bands. Some ham
|
|
operators now want his amateur radio license pulled -- and have made certain
|
|
that the Commission is very much aware of his conviction.
|
|
_______________________________________________________________________________
|
|
|
|
AT&T Launches Program To Combat Long-Distance Theft May 13, 1992
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
By Virginia Randall (United Press International/UPI)
|
|
|
|
Citing the mushrooming cost of long-distance telephone fraud, American
|
|
Telephone & Telegraph Co. announced plans to combat theft of long-distance
|
|
telephone services from customers.
|
|
|
|
AT&T's program, dubbed NetProtect, is an array of software, consulting,
|
|
customer education and monitoring services for businesses. One program limits
|
|
customer liability to the first $25,000 of theft, while another ends customer
|
|
liability entirely under certain circumstances.
|
|
|
|
By law, companies are liable for the cost of calls made on their systems,
|
|
authorized or not.
|
|
|
|
Jerre Stead, president of AT&T's Business Communications unit, said, "The
|
|
program not only offers financial relief to victims of long-distance fraud.
|
|
It also gives our customers new products and services specifically designed to
|
|
prevent and detect fraud."
|
|
|
|
Long-distance calling fraud ranges from a few dollars to the hundreds of
|
|
thousands of dollars for victims. The Communications Fraud Control
|
|
Association, an industry group, estimates long-distance calling fraud costs
|
|
more than $1 billion a year, said Peggy Snyder, an association spokeswoman.
|
|
|
|
NetProtect Basic Service, offered free with long-distance and domestic 800
|
|
service, consists of ongoing monitoring around the clock for unusual activity.
|
|
|
|
The company will start this service this week.
|
|
|
|
NetProtect Enhanced and Premium services offer more customized monitoring and
|
|
limit customer liability to $25,000 per incident or none at all, depending on
|
|
the program selected.
|
|
|
|
Pricing and permission to provide the Enhanced and Premium services are
|
|
dependent on Federal Communication Commission approval. AT&T expects to offer
|
|
these programs beginning August 1.
|
|
|
|
Other offerings are a $1,995 computer software package called "Hacker Tracker,"
|
|
consulting services and the AT&T Fraud Intervention Service, a swat team of
|
|
specialists who will detect and stop fraud while it is in progress.
|
|
|
|
The company also will provide a Security Audit Service that will consult with
|
|
customers on possible security risks. Pricing will be calculated on a case-by-
|
|
case basis, depending on complexity.
|
|
|
|
The least expensive option for customers is AT&T's Security Handbook and
|
|
Training, a self-paced publication available for $65 which trains users on
|
|
security features for AT&T's PBX, or private branch exchanges, and voice mail
|
|
systems.
|
|
|
|
Fraud occurs through PBX systems, which are used to direct the external
|
|
telephone calls of a business.
|
|
|
|
Company employees use access codes and passwords to gain entry to their PBX
|
|
system. A typical use, the industry fraud group's Snyder said, would be a
|
|
sales force on the road calling into their home offices for an open line to
|
|
call other customers nationally or worldwide.
|
|
|
|
These access codes can be stolen and used to send international calls through
|
|
the company's network, billable to the company.
|
|
|
|
Unauthorized access to PBXs occur when thieves use an automatic dialing feature
|
|
in home computers to dial hundreds of combinations of phone numbers until they
|
|
gain access to a company's PBX system.
|
|
|
|
These thieves, also known as hackers, phone freaks or phrackers, then make
|
|
their own calls through the PBX system or sell the number to a third party to
|
|
make calls.
|
|
|
|
Others use automatic dialing to break into PBX systems through voice mail
|
|
systems because such systems have remote access features.
|
|
|
|
Calls from cellular phones also are at risk if they are remotely accessed to a
|
|
PBX. Electronic mail systems for intracompany calls are not affected because
|
|
they don't require PBX systems.
|
|
|
|
According to Bob Neresian of AT&T, most fraud involves long-distance calls to
|
|
certain South American and Asian countries, especially Columbia and Pakistan.
|
|
|
|
There is no profile of a typical company at risk for telephone fraud, said
|
|
Snyder.
|
|
|
|
"Any company of any size with long-distance service is at risk," she said.
|
|
"Criminals don't care who the long distance provider is or how big the company
|
|
they're stealing from is."
|
|
|
|
She said the industry recognized the dimensions of telephone theft in 1985,
|
|
when the Communications Fraud Control Association was formed in Washington D.C.
|
|
The group consists of providers of long-distance service, operator services,
|
|
private payphones, end-users of PBX systems, federal, state and local law
|
|
enforcement agencies and prosecutors.
|
|
|
|
Janice Langley, a spokeswoman for US Sprint Corp. in Kansas City, Mo., called AT&T's announcement similar to a program her company announced March 31.
|
|
|
|
That service, SprintGuard Plus, is available to companies with a call volume
|
|
of $30,000 a month. Sprint also offers basic monitoring program to customers
|
|
without charge.
|
|
|
|
"We don't have minimum billing requirements for any of these services or
|
|
systems," responded AT&T's Neresian. "All the carriers have seen the problem
|
|
and have been working on their own approaches," he said.
|
|
|
|
Jim Collins, a spokesman for MCI Communications in Washington, said his company
|
|
had been conducting phone fraud workshops free of charge for customers for four
|
|
years.
|
|
_______________________________________________________________________________
|