Forgot your password?
typodupeerror
Security

FEMA Phones Hacked, Calls Made To Mideast and Asia 241

Posted by CmdrTaco
from the oh-that's-just-not-good dept.
purplehayes writes "A hacker broke into a Homeland Security Department telephone system over the weekend and racked up about $12,000 in calls to the Middle East and Asia. The hacker made more than 400 calls on a Federal Emergency Management Agency voicemail system in Emmitsburg, Md., on Saturday and Sunday, according to FEMA spokesman Tom Olshanski."
This discussion has been archived. No new comments can be posted.

FEMA Phones Hacked, Calls Made To Mideast and Asia

Comments Filter:
  • by elrous0 (869638) * on Thursday August 21, 2008 @09:31AM (#24688385)
    The hacker was in New Orleans. So they were obligated by official policy to ignore his calls.
    • by cayenne8 (626475) on Thursday August 21, 2008 @09:47AM (#24688611) Homepage Journal
      "The hacker was in New Orleans. So they were obligated by official policy to ignore his calls."

      Hey, it would be a little 'justice'...considering how badly FEMA screwed over many from the area.

      Just another example of the incompetence of this Federal government agency. From my experience with them, and most all other govt agencies that have to deal with large numbers of people...sadly, the incompetence, red tape, and waste of money is a common denominator.

      And now...we're wanting to put THEM in charge of our medical care? Scary.

      • by Shadow Wrought (586631) * <shadow@wrought.gmail@com> on Thursday August 21, 2008 @10:06AM (#24688853) Homepage Journal
        He was actually only trying to call one person, but every time the caller ID came up as FEMA the guy panicked and wouldn't answer. When the authorities showed up at the poor guys house he was in a fetal position, rocking himself back and forth saying over and over again, "FEMA. Keeps Calling. Won't stop. FEMA!!!"
      • Re: (Score:2, Interesting)

        by Anonymous Coward

        Hey, it would be a little 'justice'...considering how badly FEMA screwed over many from the area.

        Once upon a time, people believed these words: "Ask not what your country can do for you, but what you can do for your country!" Though, I doubt you can figure out what I'm getting at.

        • Re:In FEMA's defense (Score:5, Informative)

          by megaditto (982598) on Thursday August 21, 2008 @11:33AM (#24690159)

          "Ask not what your country can do for you[...]

          I recognize these words. I think these were uttered by JF Kennedy, the man who started the war in Vietnam, sent thousands of American conscripts to die there, all while snorting coke off Marilyn Monroe sweet butt (and while his brother the Attorney General Bobby Kennedy wiretapped Martin Luther King and other civil rights leaders).
          No wonder that asshole didn't want us asking what our country could do for us.

          [...] but what you can do for your country!"

          You actually believe that shit? Talk about "useful idiots"...

        • by hairyfeet (841228)

          Well,when YOU are sitting there in the path of a hurricane in waist deep water while the buses that could get you to safety are sitting there idle [wikinews.org] then you can say everyone should "do for themselves". besides I thought that was the whole POINT of having a government in the first place? There are some jobs like national defense and disaster relief that are simply too big to "do it yourself",therefor we pay taxes so that an organization with "supposedly" better resources can handle the big jobs.

          As someone

          • by pcolaman (1208838) on Thursday August 21, 2008 @12:04PM (#24690651)
            Before you start acting like you know what you are talking about...nevermind, just don't speak. You are from AR, your experience with Hurricanes amounts to what leftovers you may get with a storm that passes through Mississippi. I went through Ivan, Dennis, parts of Katrina, etc etc. I live in Pensacola, which is right in the middle of Hurricane Alley. The problems with New Orleans were primarily the fault of the state of Louisiana and the city government, not the Federal Government and FEMA. Mayor Nagin advised people NOT to leave town and only gave the order to evac less than 24 hours before the storm hit. And the city and state misused Federal funds that were supposed to be used to shore up the levies. Let's not forget that Biloxi had far worse damage from Katrina, but was forgotten because NO had serious flooding damage from the levies collapsing, not from storm damage. Most of the damage occurred days after the Hurricane, not while it was passing through. And the US Army and US Navy were the first on the scene, but even they had to wait until the storm was out of the way. No use trying to rescue people if your helicopters are damaged beyond use because of storm damage. Oh yeah, while we're on this discussion, let's talk about the fact that people were basically handed free money in the form of Debit cards after Katrina, without any vetting process to determine who needed money. Everything from Girls Gone Wild to Sex change operations were purchased with said free Debit cards. What major aid was given to Biloxi, given that their wind damage was far worse than that of New Orleans? For that matter, other than blue tarps and MREs, people in Pensacola had to all but fend for themselves after Ivan, but we managed just fine. If you REALLY had experience with Hurricanes, you'd know that you are responsible for surviving on your own for a maximum of 5 days, as the state and federal government will tell you, because sometimes it's not possible for them to get to you immediately. It was a failure on the city and state's fault to not prepare their populace, and the stupidity of the people of New Orleans for living in a city below sea level. It was bound to happen eventually.
            • Re: (Score:3, Insightful)

              by Anonymous Coward

              Sure, and people are stupid for living in California with its earthquakes and wildfires, and people are stupid for living in the midwest with the tornados, and people are stupid for living pretty much anywhere in the U.S. with the yellowstone caldera overdue to blow, and people are stupid for living . . .

              Pensacola has had the misfortune to be hit by several hurricanes. By your logic, you are a fool to still live there.

              And for all of the smug idiots who think they are paying for me to live in what should be

              • Re: (Score:3, Interesting)

                by Lost Engineer (459920)

                Houses in California are earthquake resistant, by law, and you're not *supposed* to be able to build in wildfire prone areas. You'll notice when they do come, very small numbers of properties are damaged compared to say a hurricane because they're mostly burning empty land.

                The fact that the only flood insurance available in NO is government subsidized should give you some indication of relative risk.

      • Re: (Score:2, Insightful)

        by Dantu (840928)

        ...sadly, the incompetence, red tape, and waste of money is a common denominator.

        And now...we're wanting to put THEM in charge of our medical care? Scary.

        Well, as a Canadian I can tell you that you're right, health-care run but bureaucrats is a bit scary. But, there is a bit of a problem with the alternative: the nature of heath-care is such that unless you are VERY rich, you want insurance. The problem with insurance is that it's not their job to heal you, it's their job to make money - and they are very good at it.

        So, an incompetent bureaucrat managing my health care dollars is still much better than an insurance company.

        PS: This goes for car insurance t

        • by ColdWetDog (752185) * on Thursday August 21, 2008 @11:50AM (#24690421) Homepage

          So, an incompetent bureaucrat managing my health care dollars is still much better than an insurance company.

          The big, really big, in fact just simply enormous problem with where the US healthcare system is heading is that you will have an incompetent bureaucracy subcontracting management to an insurance company. Worst of both worlds.

          If you think the problem is bad now, just wait until we fix it! (attrib: somebody or other, use Google if you must know)

      • Re: (Score:2, Insightful)

        by mOdQuArK! (87332)

        I'm a little uncertain as to why you think private insurance provides more efficient health care? If anything, private insurance makes more profit by denying as much health care as possible.

  • In an age of IP Telephony it seems kind of silly and ends up just being vandalism
    • by hal9000(jr) (316943) on Thursday August 21, 2008 @09:36AM (#24688465)
      because phones, and more likely modems attached to stuff, still provide reliable ways to break into systems.

      You kids and your IP telephony. Get off my lawn!
    • by sm62704 (957197) on Thursday August 21, 2008 @10:01AM (#24688795) Journal

      I saw this on Yahoo news this morning (and submitted it, apparently my submission wasn't the first). It looked to me like the purpose of the hack was to discredit the DHS, which is FEMA's parent organization.

      Note that all the calls went to middle east countries, including Afghanistan and Yemen, both Taliban havens. IMO the hacker did the US a great service by exposing FEMA's incompetence. Katrina is fading in folks' memories and "Brownie", who took the fall for that cluster fuck, is long gone but the agency is still apparently still incredibly dysfunctional and run by incompetents.

      Excellence and failure both start at the top. When the head guy is incompetent, he will hire incompetents.

      • Re: (Score:3, Informative)

        by seeker_1us (1203072)
        It should be pointed out that FEMA used to be a very competant organization before GWBush merged it into his Department of Fatherland Security and cut it's budget.
      • by megamerican (1073936) on Thursday August 21, 2008 @10:29AM (#24689255)

        Katrina is fading in folks' memories and "Brownie", who took the fall for that cluster fuck, is long gone but the agency is still apparently still incredibly dysfunctional and run by incompetents.

        Excellence and failure both start at the top. When the head guy is incompetent, he will hire incompetents.

        If you haven't noticed, the best way to get a bigger budget and more power is to be incompetent. That's the supposed reason why DHS was created in the first place.

        If you subsidize stupidity, that is all you'll ever get.

      • by photon317 (208409) on Thursday August 21, 2008 @11:14AM (#24689883)

        I'd like to offer a dissenting opinion on the FEMA issue in New Orleans. States are supposed to have some kind of emergency preparedness of their own. It's not enough to just fall apart and beg for FEMA to save you. FEMA's traditional role has been to show up late and provide sustaining support in the aftermath of an event, not to be the first responders at the moment of crisis. Many other states understand this. Texas (a nearby neighbor who ended up bearing the brunt of the NO disaster refugees) for example rarely needs FEMA - when hurricanes head for Texas, they deploy their local resources to remedy the immediate situation.

        The problem with the NO disaster was not FEMA. The problem was the bankrupt, ineffective, unprepared, and completely corrupt local and state governments in the area who had nothing to offer their citizens when disaster struck.

  • Hacker? (Score:5, Informative)

    by ilovegeorgebush (923173) * on Thursday August 21, 2008 @09:35AM (#24688437) Homepage
    Shouldn't this be 'phreaker'? The article even states the break-in was over their PBX (i.e. a convential phone system, not VoIP).
    • Re:Hacker? (Score:5, Funny)

      by Enderandrew (866215) <enderandrew@gm[ ].com ['ail' in gap]> on Thursday August 21, 2008 @09:37AM (#24688473) Homepage Journal

      He used a whistle found in a cereal box.

    • Re:Hacker? (Score:4, Insightful)

      by volxdragon (1297215) on Thursday August 21, 2008 @09:46AM (#24688607)

      Yes, the correct term is Phreaking [wikipedia.org], but come on, this is the AP....you expect them to get that right?

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      I bet a dollar that there was some sort of default password left intact, so it was
      da fault of the installer. Thats the oldest school phreak in the book.
      I remember in the 80's when we used to wardial to find computers and PBX's,
      a friend and I discovered a DEC owned PBX with a dial in, input code, dial out line.
      The code was only 4 digits long so before we brute forced it with a sequential
      attempt, we kept trying to spell different 4 letter words. Lo and behold, the passcode was
      ROCK, typed on the touch tone key

      • by dave562 (969951)
        Hell, you think that's bad? Back in the day AT&T left a huge swath of their unallocated Divinity Audix systems open with the default mailbox setup on 200 with the password 200. They were also nice enough to leave them sitting all on an 800 number pool where you could just dial 800-##AUDIX. The ones at 800-AUDIX## were only slightly more secure. I miss those days of easy to find exploitable systems. Well, I guess those days are still here if you're dealing with the government.
    • I thought phreakers became extinct back in the 80s

  • by Anonymous Coward

    I never understood why someone would or could make exhorbatent amin long distance phone calls. The only thing I can figure out is that some nerd was busy talking to his girlfriend on vacation.
     
      While (Idiot.onphone) {
    "Hang up!"
    "You!"
    "No You!"
    "No You Hang up!"
    }

  • by Sir_Real (179104) on Thursday August 21, 2008 @09:38AM (#24688493)

    Twelve Grand?! Is this another indicator of inflation? Who is billing this out? For 12 grand the phone companies should give you a phone that will work for life, from anywhere, to anywhere. Are the same people responsible for claiming that a quarter of schwag has a "street value" of fifty grand?

    • Re: (Score:2, Informative)

      by halfEvilTech (1171369)

      Twelve Grand?! Is this another indicator of inflation? Who is billing this out? For 12 grand the phone companies should give you a phone that will work for life, from anywhere, to anywhere. Are the same people responsible for claiming that a quarter of schwag has a "street value" of fifty grand?

      Well look at it this way. $12,000 in calls divided by the 400+ calls would bring it to less than $30 per call. For anyone who has made calls to overseas knows that the rates are freakin expensive.

      For example from the FCC [fcc.gov]
      Here are sample costs for calls to France from the U.S. at basic and discounted rates:

      Basic Rate is $1.77-2.77 per minute

      Note: The actual rates and terms from companies you choose may be different than those shown.

    • Re: (Score:2, Informative)

      by Anonymous Coward

      No, it's the rate charged for this. Seriously. This same thing happened at one of my previous jobs and it left us with a $20K+ bill that we disputed with the phone company over a period of weeks.

    • by gad_zuki! (70830)

      Thast not a lot. They probably dont have an international plan, so they were charged ala carte fees.

      For those of us used to VOIP, its crazy, but phone companies still charge out the wazoo for calls.

    • They're taking a cue from the RIAA who believe that illegally downloaded songs are worth 12,000 bucks each. Or maybe that other kid cracker who got into Air Force computers and was able to look up flight plans, then the Air Force tried to say that he cost thousands or millions in "damages"

      They should just call it the "You made us look stoopid" tax.
    • by Bryansix (761547)
      Exactly! This is the real story. Not that the phreaker was able to make the calls using a FEMA PBX/voicemail system but that the phone company charged $12,000 for calls all made by ONE PERSON. That is absolutely ridiculous! Do you know how much those calls would cost if they used SIP Trunks instead? Nothing!
  • Verizon guy (Score:5, Funny)

    by Enderandrew (866215) <enderandrew@gm[ ].com ['ail' in gap]> on Thursday August 21, 2008 @09:39AM (#24688507) Homepage Journal

    He kept calling that damned annoying Verizon guy.

    "You're in Thailand now? Can you hear me now?"

  • So he doesn't have a Skype account?
  • Incompetence... (Score:4, Insightful)

    by nobodylocalhost (1343981) on Thursday August 21, 2008 @09:44AM (#24688567)

    DHS is like the laughing stock of government security. Being PBX Phreaked with a 15 year old hack is just bad... Hope the next administration isn't this incompetent.

    • Re: (Score:3, Interesting)

      by sm62704 (957197)

      Hope the next administration isn't this incompetent.

      I'd say it wasn't possible to have a worse President, but I thought I'd never see a worse President than Carter, either. Bush proved me wrong on that one, now I worry and just keep my fingers crossed. I'm not too thrilled with either McCain or Obama, and will be voting against both of them.

      • Really? And just who will you be voting for?

        • by sm62704 (957197)

          Either Libertarian candidate Bob Barr or Green Party candidate Cynthia McKinney. It doesn't matter as both will lose, but I'll be casting a vote against Corporate Party candidates McCain and Obama.

          • Interesting. I didn't think about ether of those. While I'm sure that both will lose compared to tweetledee and tweetledumbass but that might be just a damn good idea. I think there should be one more option on the ballot. A "none of the above" that expresses a no confidence in any of the candidates.

            • by sm62704 (957197)

              There's a fifth party as well, the Constitution party, but I'm not sure if they're on the ballot in Illinois. I'm fairly certain the Greens and Libbies are.

        • Ah that's obvious, for the groove minister [is.gd]!

    • by db32 (862117)
      Governments that are incompetent are far less dangerous than competent ones.
  • Default password? (Score:3, Interesting)

    by bsaxberg (760884) on Thursday August 21, 2008 @09:44AM (#24688577)
    What are the odds he/she used a default password to gain access? I mean this is the government we are talking about here.
  • by lewko (195646) on Thursday August 21, 2008 @09:49AM (#24688649) Homepage

    400 calls totalling $12,000.

    That is, about $30 per call.

    And from the article: "Most of the calls were about three minutes long, but some were as long as 10 minutes."

    As long as 10 minutes? Not only did FEMA have a badly configured phone system, they must have had some of the crappiest call plans I could possibly imagine. I mean, where were the calls terminating? The moon?

    Your tax dollars at work.

    • They probably had a no-bid phone contract from KBR shoved down their throats over at DHS. And since DHS workers aren't in the civil-service union, there's no whistleblower protection, so nobody squawked.

    • Assuming the phone was "off the hook" for the entire 48 hours and only one call is placed at any given time, that's 2880 minutes, or $4.17 a minute. Any phone company charging that kind of rate per minute will get call into the capital by state utility commission (AT&T charges just over a buck a minute for cellphone roaming calls originating in Asia.)

  • You're doing a heck of a job.
  • What a surprise (Score:2, Insightful)

    by hyades1 (1149581)

    If anybody ever doubted that these clowns are better at sucking up tax dollars and destroying the US Constitution than providing security, look no further for the proof.

    Osama must be laughing his ass off.

    • Osama is long dead, so no he is not laughing.

  • Silly (Score:3, Insightful)

    by X.25 (255792) on Thursday August 21, 2008 @10:12AM (#24688945)

    Hacking PBXes was ok 15 years ago.

    Hacking them now is pretty much guaranteed to get him caught.

    Oh well...

  • by s.d. (33767) on Thursday August 21, 2008 @10:13AM (#24688955)
    Olshanski did not know who the contractor was or what hole specifically was left open, but he assured the hole has since been closed.

    "I don't know who it was or what they did or didn't do, but I assure you they fixed it."
  • I mean really, I know the /. janitors are determined to bring tabloid-standard reading levels in, but you'd think they'd at least get *that* bit right.

  • Once again the term hacker was misused. In this case the term for the criminal involved is phreaker. Hackers hack computers, phreakers hack phones.

    With that little bit of semantics out of the way, I wonder what system they were running. Audix perhaps?

  • Emmittsburg? (Score:2, Informative)

    by weiserfireman (917228)
    Emmittsburg, MD? There is only one major FEMA facility there, The US Fire Administration National Fire Academy. Happens I am going to be there for a week next month. Wonder if the phreaker will offer instructions so that I can call home free too. Beautiful campus btw, about 3 miles from Camp David
  • oh come on... (Score:2, Informative)

    by Net_fiend (811742)
    "This illegal activity enables unauthorized individuals anywhere in the world to communicate via compromised U.S. phone systems in a way that is difficult to trace," lol. Well of course its difficult to trace. Anyone with enough cajoles knows this. All you have to do is go to a phone box out in the middle of nowheresville and patch into it (illegal of course) and make calls. Its all untracable to the actual person who did it, but not untraceable to the poor schmuck who has to pay for the bill the calls
  • ... This type of hacking is very low-tech and "old school," said John Jackson, a St. Louis-based security consultant. It was popular 10 to 15 years ago ...

    It was Captain Crunch [wikipedia.org]

    Actually, this is /. I suppose I didn't really need that link did I?

  • what was the point? (Score:3, Interesting)

    by DragonTHC (208439) <Dragon.gamerslastwill@com> on Thursday August 21, 2008 @12:21PM (#24690923) Homepage Journal

    is this terrorism? or just plain old hacking?

    what's the point of breaking into a federal telephone system to call asia and the middle east?

    surely if you have the know-how to pull that off, you could have gotten the calls for free anyway?

    so what was the point? was it a diversion? or a lesson hack?

Facts are stubborn, but statistics are more pliable.

Working...