Think of phone hacking and you probably think of the current news reports of newspapers allegedly gaining access to the phones of celebrities and politicians to gather information. What you may not think of is criminals hacking into the phone systems of businesses.
Once access has been gained to a company’s network, this can be used to illegally route calls, either to make international calls or even to generate revenue from premium rate numbers, all at the expense of the hacked company. It is the latter that has recently been done to some companies in the Harrogate area.
Usually after the companies have closed (often at weekends or bank holidays to help avoid detection) the hackers have gained access to the network and called premium rate (09) and special rate (0871) numbers which they earn revenue from. In some cases this revenue is used to fund organised crime and terrorist activity.
A case in America that made it to court uncovered an international crime gang that had access to over 2,500 PBX’s and had illegally routed calls to the value of $55million dollars. Another case of note, and probably the most high profile UK victim was New Scotland Yard.
The average call charges faced by a company hit by this type of hacking is £10,000, but one company that was hit over the New Year weekend had £25,000 of call charges generated.
As you can see by the figures above, phone hacking is a serious crime and in all cases we advise affected parties to notify the police as soon as the hack is brought to their attention. The called numbers should be reported to Ofcom and Phonepay Plus.
As with computer hacking, there are measures to reduce this risk of being hit, however as fast as these measures close one door, the hackers find ways to open another.
One of the main ways access is gained is through services such as voicemail which allow you to dial into a network externally, but there are simple steps that can be taken to reduce the risk of this happening. Ensure all ways of accessing your network are password protected (just as you would put a password on your wireless internet network), change these passwords often, don’t share passwords, make passwords as long and complicated as possible (many hackers have sophisticated methods that can crack passwords 16 digits long) and keep all access codes secure (some victims had calls from individuals claiming to be from telephone companies asking codes to do work on the network or to update their security).
It is also worth considering what kinds of calls you make; does your business need to be able to call premium rate or international numbers? If not, consider call barring features so if your network was compromised, it would be harder for extensive call charges to be built up.
If phone hacking is something you are concerned about or if you would like to discuss this further, please email the office at firstname.lastname@example.org