The other kind of phone hacking
By Conor Spackman
BBC News
Telecommunications fraud costs the industry an estimated £1.2bn a year
Computer hacking has been in the public eye for almost thirty years.
The successful 1984 film Wargames, starring Matthew Broderick, detailed how a teenage hacker used his bedroom computer to break into the American nuclear system.
The concept of phone hacking, however, is a more recent phenomenon.
The press has recently been filled with stories of reporters hacking into celebrities' mobile phones in order to listen to their voicemail and gather information.
The concept of a whole business' network being compromised is something which is not so familiar.
'Dial Through Fraud'
But it is a growing illegal activity - sometimes called 'phreaking' - and contributes about 10% of the overall estimated £1.2bn telecommunications fraud in the UK each year.
'Dial Through Fraud' usually begins by targeting a business which allows their workers to call in from outside the office and use their employers' network to make a call.
The employee usually has to use a PIN number, but often that number is still the generic number it was when the service was first installed, for example, 1234.
The hackers are often well resourced from their previous successes.
They employ teams of people to find the networks that can be easily compromised, sometimes making their calls at weekends and bank holidays to avoid suspicion.
Once they gain access, their potentially lucrative activity begins.
Hackers, usually based abroad, sometimes have already set up premium rate phone lines from which they get revenue.
They then use the network they have compromised to make calls to these numbers, collecting cash at the other end.
'Log-in software'
There are also other means of making money from the scam.
Many people who have been to a city in the developing world will have noticed shops which offer good rates on international calls.
Sometimes, these calls will actually be routed through the hacked network, making the calls cheaper for everyone apart from the compromised business who gets a huge bill through the post.
With the annual cost to telecommunications companies in the UK reaching more than a billion pounds, fraud is a very costly problem.
And 'dial through fraud' is difficult to curtail.
Dr Kevin Curran, an expert in computer science at the University of Ulster, explained that telecoms companies very rarely refer cases to the police.
Phone networks are increasingly sophisticated but so are the hackers who target them
With many of the scammers based in Eastern Europe and even further afield, he says, tracking them down can be extremely difficult.
Scotland Yard
However, he does provide some hope for those worried about being affected.
"Set up what we call log-in software, which monitors all the activity happening on the network at that time," Dr Curran said.
"You can also set up rules which say that you will never dial Afghanistan, never dial India.
"So when somebody is dialling in and tries to dial a country that is on your list, which you know you should not have to phone, then you can get an email alert or phone call to alert you to possible criminal activity on your network.
"You could also set up various levels of username and password security so that no-one personally has access to all the functionality of that switchboard."
Businesses are not the only target, Dr Curran says - charities, schools and other public bodies are at risk.
Anyone who underestimates the risk, he adds, should be aware of one of the most high-profile victims from which hackers netted millions - New Scotland Yard.
Credit: BBC (www.bbc.co.uk)
No comments:
Post a Comment