FEMA Phones Hacked, Calls Made To Mideast and Asia 241
purplehayes writes "A hacker broke into a Homeland Security Department telephone system over the weekend and racked up about $12,000 in calls to the Middle East and Asia.
The hacker made more than 400 calls on a Federal Emergency Management Agency voicemail system in Emmitsburg, Md., on Saturday and Sunday, according to FEMA spokesman Tom Olshanski."
Re:Who hacks phones anymore? (Score:5, Interesting)
You kids and your IP telephony. Get off my lawn!
Who is valuing these minutes? (Score:5, Interesting)
Twelve Grand?! Is this another indicator of inflation? Who is billing this out? For 12 grand the phone companies should give you a phone that will work for life, from anywhere, to anywhere. Are the same people responsible for claiming that a quarter of schwag has a "street value" of fifty grand?
government waste or what? (Score:0, Interesting)
Apparently most calls were short, from 3 to 10 minutes. Assuming these calls were all longer, like the max of 10 minutes, then for 400 calls to total $12,000 the government must be paying a minimum $3 per minute for these calls.
Either someone is massive exaggerating the scope of this theft or some idiot in procurement failed to put our national security infrastructure on the international calling plan.
cover up! (Score:0, Interesting)
that is, if you have an active imagination...
Default password? (Score:3, Interesting)
Re:government waste or what? (Score:2, Interesting)
The 400 calls aren't necessarily consecutive.
Many times these hacks are done to provide low cost calling to immigrants calling back home. $20 bucks can buy you almost unlimited phone time to talk to your entire village back home.
Re:Hacker? (Score:2, Interesting)
I bet a dollar that there was some sort of default password left intact, so it was
da fault of the installer. Thats the oldest school phreak in the book.
I remember in the 80's when we used to wardial to find computers and PBX's,
a friend and I discovered a DEC owned PBX with a dial in, input code, dial out line.
The code was only 4 digits long so before we brute forced it with a sequential
attempt, we kept trying to spell different 4 letter words. Lo and behold, the passcode was
ROCK, typed on the touch tone keypad. Unlike these hackers, we didn't call the middle east
and the PBX code stayed alive for our little group for over 6 years. That was way better than the Sprint, Metro, and MCI codes
that were going around back then.
Another of our members used a known exploit to completely take over a Nortel PBX, but
thats a different story.
Whats up 415 / 510 Scan club.
Re:Who hacks phones anymore? (Score:5, Interesting)
I saw this on Yahoo news this morning (and submitted it, apparently my submission wasn't the first). It looked to me like the purpose of the hack was to discredit the DHS, which is FEMA's parent organization.
Note that all the calls went to middle east countries, including Afghanistan and Yemen, both Taliban havens. IMO the hacker did the US a great service by exposing FEMA's incompetence. Katrina is fading in folks' memories and "Brownie", who took the fall for that cluster fuck, is long gone but the agency is still apparently still incredibly dysfunctional and run by incompetents.
Excellence and failure both start at the top. When the head guy is incompetent, he will hire incompetents.
Re:Incompetence... (Score:3, Interesting)
Hope the next administration isn't this incompetent.
I'd say it wasn't possible to have a worse President, but I thought I'd never see a worse President than Carter, either. Bush proved me wrong on that one, now I worry and just keep my fingers crossed. I'm not too thrilled with either McCain or Obama, and will be voting against both of them.
Re:An act that merits actual attention (Score:3, Interesting)
Its quite possible the person who broke into the PBX also sold the information on how to make 'free' calls to wherever which would result in multiple people accessing it simultaneously thus making it possible to rack up $12,000+ in very short periods of time.
Re:In FEMA's defense (Score:2, Interesting)
Hey, it would be a little 'justice'...considering how badly FEMA screwed over many from the area.
Once upon a time, people believed these words: "Ask not what your country can do for you, but what you can do for your country!" Though, I doubt you can figure out what I'm getting at.
We had this happen a few years back (Score:1, Interesting)
I noticed a weird account in our VM system; on investigation it was trying to call an overseas toll line repeatedly. Our phone vendor said that the hacker will do this to get a kickback on the charges. Luckily, we had overseas calls blocked by our provider, so we didn't have any real problems, but we're strict about everyone having passwords now.
Re:Hacker? (Score:4, Interesting)
this is the AP....you expect them to get that right?
No, but I do expect Slashdot to get it right.
System 85 PBX (Score:1, Interesting)
Years ago (late '80s) someone discovered a non-password protected user extension on our System 85 PBX, and used the standard Audix dial out request to make a bunch of calls to Central America. This was a common practice by phone thieves at the time. Find an unlocked Audix account on any corporate phone system and use it to call out to foreign phone numbers. The perpetrator would typically charge multiple users through the course of an evening to allow them to call home. Generally it would not be noticed by the victim until the monthly billing cycle, and in the case of our office, by the time internal billing passed that on to the individual at the departmental level, that was two months. At that point they would finally convince the end user to the importance of setting a user password. Duh.
Internally, we used to search for open extensions internally and use it to change their greeting message or to pull some other sophomoric prank like reprogram all their speed dial buttons to the local 'psychic hotline' or the VP of the division.
Re:Who hacks phones anymore? (Score:4, Interesting)
This is the "piss on you an say it's raining" school of government indulged in by the Bushies and all their forbears back to Goldwater. When you deliberately place incompetents in government, you undermine it. There's nothing essential about incompetence anywhere, not even that giant bastion of incompetence, big business.
There is much better evidence for incompetent (but nonetheless gigantically paid) CEOs than for incompetent public servants. Public servants are subject to sunshine laws that would make the aforementioned CEOs run away screaming in terror. Libertarian duckspeak like the above paragraph just looks more and more ridiculous each year.
what was the point? (Score:3, Interesting)
is this terrorism? or just plain old hacking?
what's the point of breaking into a federal telephone system to call asia and the middle east?
surely if you have the know-how to pull that off, you could have gotten the calls for free anyway?
so what was the point? was it a diversion? or a lesson hack?
Re:In FEMA's defense (Score:2, Interesting)
We accept public service in situations when speed of the response is more important than the choice of who is providing the service and since choice is not an option making the "who" publicly accountable is important.
As US citizens for the most part we readily accept police, fire and rescue services run by or answerable to a government agency be it local, state or federal.
My question is why do we suddenly not accept that system at the door to the hospital that may very well be privately owned and monopolize an area for the emergency services provided by police, fire and rescue?
Re:In FEMA's defense (Score:3, Interesting)
Yeah...and you end up paying like 60%+ or more in taxes on what you make? No thank you...I'd rather take my money and do it myself. I set up a HSA, max it out with money pre-tax, and pay as I go. I get discounts from physicans on office visits and tests when they find I'm paying for myself. I have a high ($1200) deductible account ONLY for disasterous emergency care if I need it....but, for the rest of the stuff...I like the way I have it. I can also take that HSA money, and invest it in the market.....what's left at retirement....is my retirement money too. In the long run, I can come put WAY ahead of anyone taxing my at such a high rate, or even paying for insurance that you pay higher premiums every month, and co-pays for ever visit...etc.
Re:In FEMA's defense (Score:3, Interesting)
Houses in California are earthquake resistant, by law, and you're not *supposed* to be able to build in wildfire prone areas. You'll notice when they do come, very small numbers of properties are damaged compared to say a hurricane because they're mostly burning empty land.
The fact that the only flood insurance available in NO is government subsidized should give you some indication of relative risk.