Default Passwords Led to $55 Million in Bogus Phone Charges

The U.S. Justice Department today unsealed indictments against three Filipino residents accused of hacking into thousands of private telephone networks in the United States and abroad, and then selling access to those networks at call centers in Italy that advertised cheap international calls.

The indictments correspond to a series of raids and arrests announced today in Italy, where authorities apprehended five men alleged to have been operating the call centers and using the profits to help finance terrorist groups in Southeast Asia.

The U.S. government alleges that the individuals arrested in the Philippines were responsible for hacking so-called private branch exchange (PBX) systems -- computerized telephone switches and voice mail systems -- owned by more than 2,500 companies in the United States, Canada, Australia and Europe.

The indictment alleges that between October 2005 and December 2008, Manila residents Mahmoud Nusier, Paul Michael Kwan and Nancy Gomez broke into PBX systems, mainly by exploiting factory-set or default passwords on the voicemail systems. The government charges that the Italian call center operators paid the hackers $100 for each hacked PBX system they found.

The indictments explain the scam like this: People wishing to make cheap international calls from Italy would walk into one of several local call centers set up by the alleged co-conspirators there. They paid a per-minute rate lower than the same call would cost from their own phone, but higher than what the call center itself paid to route the call through a hacked PBX with access to cheaper international dialing. The call center operators were still billed for the initial long-distance leg into the hacked PBX, but because that leg cost far less per minute than dialing the destination directly from Italy, they pocketed the difference between what their customers paid and the cost of the PBX relay. The onward international leg went out on the PBX owner's lines, which is why the charges landed on the bills of the companies whose systems had been hacked.

According to a Google-translated Reuters piece, the trio allegedly then sold access to those systems to 40-year-old Pakistani Mohammed Zamir, the manager of a call center in Brescia, Italy. Italian authorities arrested Zamir and at least four other Pakistani men operating call centers throughout Northern Italy.

The U.S. government's case was filed in the U.S. District Court of New Jersey, the home of long distance provider AT&T, one of the companies whose customers were most affected by the scheme. The charging documents allege the thieves used the hacked PBX systems to relay more than 12 million minutes of unauthorized international phone calls, amounting to $55 million in telephone charges.

Erez Liebermann, assistant U.S. attorney for New Jersey, said the hackers broke into most of the systems by using default passwords already set on them.

"The default passwords were left open in most of these PBX systems," Liebermann said.

The indictments filed by the Justice Department are available here (PDF). The defendants are charged with computer hacking, conspiracy to commit wire fraud, and access device fraud.
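The 12 million relayed minutes described above would have been visible in the victims' own call detail records (CDRs) long before the bills arrived. The following is an added example, not code from the indictment, the article, or any PBX vendor: it screens CDRs for the three signatures of a PBX being used as an international relay. The CDR layout (src,dst,start,billsec,context) is a constructed simplification of what systems such as Asterisk export; the 011 prefix, the business-hours window, the context names, and the 30-minutes-per-hour threshold are assumptions to be tuned for a real site.

```python
"""Toll-fraud screening over PBX call detail records (CDRs).

Added example for this article, not code from the indictment or any
PBX vendor. The CDR layout (src,dst,start,billsec,context) is a constructed
simplification; real exports such as Asterisk's Master.csv carry more
columns but the same essentials.
"""
import csv
import io
from collections import defaultdict
from datetime import datetime

IDD_PREFIX = "011"                      # NANP international dial prefix (assumption)
INTERNAL_CONTEXTS = {"from-internal"}   # contexts reachable only from real extensions (assumption)
BUSINESS_HOURS = range(8, 18)           # 08:00-17:59 local time (assumption)
MAX_INTL_SEC_PER_HOUR = 30 * 60         # per source per clock hour (assumption)

# Constructed sample. Extension 2107's voicemail box has been taken over and is
# relaying calls to Pakistan (+92) at 2 a.m.; the rest is normal business traffic.
SAMPLE_CDR = """\
src,dst,start,billsec,context
2101,2105,2008-11-03 10:15:02,125,from-internal
2101,01144207946000,2008-11-03 11:02:44,300,from-internal
2107,01192300123456,2008-11-04 02:10:05,1500,from-voicemail
2107,01192300123457,2008-11-04 02:36:40,900,from-voicemail
2107,01192300123458,2008-11-04 02:52:11,600,from-voicemail
2103,01133142000000,2008-11-04 14:20:00,240,from-internal
"""


def is_international(dst):
    """True if the dialed number leaves the country (011 prefix or E.164 '+')."""
    return dst.startswith(IDD_PREFIX) or dst.startswith("+")


def parse_cdr(text):
    """Parse CSV CDR text into dicts with a typed start time and duration."""
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        rows.append({
            "src": r["src"],
            "dst": r["dst"],
            "start": datetime.strptime(r["start"], "%Y-%m-%d %H:%M:%S"),
            "billsec": int(r["billsec"]),
            "context": r["context"],
        })
    return rows


def analyze(text):
    """Return (kind, src, detail, value) findings for suspicious international calls.

    kind is one of:
      relay       - international call that entered from a non-extension context
                    (inbound trunk, voicemail/DISA): the PBX is acting as a relay
      after-hours - international call that started outside BUSINESS_HOURS
      volume      - one source ran more than MAX_INTL_SEC_PER_HOUR of international
                    talk time within a single clock hour
    """
    findings = []
    intl_sec_per_hour = defaultdict(int)
    for r in parse_cdr(text):
        if not is_international(r["dst"]):
            continue
        when = r["start"].strftime("%Y-%m-%d %H:%M:%S")
        if r["context"] not in INTERNAL_CONTEXTS:
            findings.append(("relay", r["src"], r["dst"], when))
        if r["start"].hour not in BUSINESS_HOURS:
            findings.append(("after-hours", r["src"], r["dst"], when))
        hour = r["start"].strftime("%Y-%m-%d %H")
        intl_sec_per_hour[(r["src"], hour)] += r["billsec"]
    for (src, hour), sec in sorted(intl_sec_per_hour.items()):
        if sec > MAX_INTL_SEC_PER_HOUR:
            findings.append(("volume", src, hour, sec))
    return findings


if __name__ == "__main__":
    for kind, src, detail, value in analyze(SAMPLE_CDR):
        print(f"{kind:12} src={src} {detail} {value}")
```

Run against the constructed sample, every finding points at extension 2107's voicemail box; the daytime international calls from real extensions produce nothing. The "relay" rule is the important one: a call that both enters and leaves the PBX on outside lines is the defining pattern of this fraud, regardless of the hour or volume.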

By Brian Krebs  |  June 12, 2009; 2:13 PM ET
Categories: Cyber Justice, Fraud, U.S. Government, Web Fraud 2.0 | Tags: pbx hacking


The same types of hacks are happening daily with VoIP PBXs too. If you use Trixbox or PBX in a Flash you have to watch out for the same type of attacks, since they will let you use them without changing any defaults whatsoever. At least in the VoIP world a lot of SIP trunking providers are blocking international calls by default unless you specifically request each trunk to allow them.

Posted by: mike214 | June 12, 2009 3:48 PM
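The commenter's point about Asterisk-based distributions shipping usable defaults, and the article's finding that most of the 2,500 PBXs fell to factory-set voicemail passwords, both come down to the same audit. The following is an added example, not from the article, the commenter, or the Asterisk project: it parses an Asterisk voicemail.conf and reports mailboxes whose PIN is a shipped sample value, equals the mailbox number, or is otherwise trivially guessable. The config is constructed; the WEAK_PINS set and the six-digit minimum are local policy assumptions, not Asterisk's own defaults.

```python
"""Audit an Asterisk voicemail.conf for factory-default or weak mailbox PINs.

Added example, not from the article, the commenter, or the Asterisk project.
Assumptions: the mailbox line format 'box => pin,Name,email,...' used by
Asterisk's app_voicemail; the WEAK_PINS set of common shipped/sample values
and the 6-digit minimum are local policy choices, not Asterisk defaults.
"""
import re

WEAK_PINS = {"0000", "1111", "1234", "4242", "12345", "123456"}  # assumption
MIN_PIN_LEN = 6                                                   # assumption
SKIP_SECTIONS = {"general", "zonemessages"}   # sections that hold settings, not mailboxes

# Constructed sample config, in the layout of a real voicemail.conf.
SAMPLE_VOICEMAIL_CONF = """\
[general]
format=wav49|gsm|wav
maxsecs=180

[default]
; mailboxes for the main office (constructed)
2101 => 2101,Alice Example,alice@example.com
2103 => 793164,Bob Example,bob@example.com
2107 => 1234,Carol Example,carol@example.com
2109 => 111111,Dan Example,dan@example.com

[sales]
3001 => 4242,Sales Queue
"""


def parse_voicemail_conf(text):
    """Return (context, mailbox, pin) for every mailbox line, ignoring comments."""
    context = None
    boxes = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # ';' starts a comment
        if not line:
            continue
        m = re.fullmatch(r"\[([^\]]+)\]", line)
        if m:
            context = m.group(1)
            continue
        if "=>" not in line or context is None or context in SKIP_SECTIONS:
            continue
        box, rest = (part.strip() for part in line.split("=>", 1))
        pin = rest.split(",", 1)[0].strip()       # first field after '=>' is the PIN
        boxes.append((context, box, pin))
    return boxes


def pin_weaknesses(box, pin):
    """List the reasons a PIN is considered weak (an empty list means it passes)."""
    reasons = []
    if pin == box:
        reasons.append("equals mailbox number")
    if pin in WEAK_PINS:
        reasons.append("known default/sample value")
    if len(pin) < MIN_PIN_LEN:
        reasons.append(f"shorter than {MIN_PIN_LEN} digits")
    if len(set(pin)) == 1:
        reasons.append("single repeated digit")
    if pin.isdigit() and len(pin) >= 3:
        steps = {int(b) - int(a) for a, b in zip(pin, pin[1:])}
        if steps in ({1}, {-1}):                  # 1234, 6543, ...
            reasons.append("sequential digits")
    return reasons


def audit(text):
    """Map 'context/mailbox' to its weaknesses; boxes that pass are omitted."""
    report = {}
    for context, box, pin in parse_voicemail_conf(text):
        reasons = pin_weaknesses(box, pin)
        if reasons:
            report[f"{context}/{box}"] = reasons
    return report


if __name__ == "__main__":
    for name, reasons in audit(SAMPLE_VOICEMAIL_CONF).items():
        print(f"{name}: {', '.join(reasons)}")
```

On the constructed sample, four of the five mailboxes are flagged and only 2103, with a random six-digit PIN, passes. Fixing the PINs is only half the job: the voicemail and inbound contexts should also be unable to reach the outbound international dialplan at all, so that a guessed PIN yields a mailbox and nothing more.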

Default passwords!?! OMG. How can "professionals" be so ignorant?

Posted by: lostinthemiddle | June 12, 2009 3:55 PM

$55 million for 12 million minutes? Hard to believe - that's several times the rate for Iridium or Inmarsat satellite calls.
Sounds like a 'random rate' that companies like Verizon slap you with, if you make an overseas call without a calling plan (happened to me once; filed a complaint with the FCC and got my money back).

Posted by: nl01 | June 12, 2009 6:47 PM

Over $4.50 per minute. Yep. Sounds like Verizon or AT&T for sure.

Posted by: washpost46 | June 13, 2009 3:41 PM

What amazes me is that these days numerous crooks are apparently not even making any efforts to 'cover their tracks.'

Posted by: | June 13, 2009 11:22 PM

Almost 20 years after The Hacker Crackdown was published, and this is still going on.

Posted by: wiredog | June 15, 2009 9:58 AM

© 2010 The Washington Post Company