Think of phone hacking and you probably think of news reports of newspapers gaining access to the phones of celebrities and politicians to gather information. What you may not think of is criminals hacking into the phone systems of businesses.
Once access has been gained to a company’s network, this can be used to illegally route calls, either to make international calls or even to generate revenue from premium rate numbers, all at the expense of the hacked company.
Usually after the companies have closed (often at weekends or bank holidays to help avoid detection) the hackers have gained access to the network and called premium rate (09) and special rate (0871) numbers which they earn revenue from. In some cases this revenue is used to fund organised crime and terrorist activity. Many businesses are unaware that they are liable for any charges generated during these attacks and that getting this money back is a lengthy process.
A case in America that made it to court uncovered an international crime gang that had access to over 2,500 PBX’s and had illegally routed calls to the value of $55million dollars. Another case of note, and probably the most high profile UK victim was New Scotland Yard.
The average call charges faced by a company hit by this type of hacking is £10,000.
As you can see by the figures above, phone hacking is a serious crime and in all cases we advise affected parties to notify the police as soon as the hack is brought to their attention. The called numbers should also be reported to Ofcom and Phonepay Plus.
As with computer hacking, there are measures to reduce this risk of being hit, however as fast as these measures close one door, the hackers find ways to open another.
One of the main ways access is gained is through services such as voicemail which allow you to dial into a network externally, but there are simple steps that can be taken to reduce the risk of this happening. Ensure all ways of accessing your network are password protected (just as you would put a password on your wireless internet network), change these passwords from the system default and ideally update them often, don’t share passwords, make passwords as long and complicated as possible (many hackers have sophisticated methods that can crack passwords 16 digits long) and keep all access codes secure (some victims had calls from individuals claiming to be from telephone companies asking codes to do work on the network or to update their security).
It is also worth considering what kinds of calls you make; does your business need to be able to call premium rate or international numbers? If not, consider call barring features so if your network was compromised, it would be harder for extensive call charges to be built up.
At Deep Blue we take the security of our customers seriously which is why we partner with a number of developers and services to provide additional security to our customers. We use multi level monitoring systems to track call traffic volumes. These alert us and can even automatically apply out bound call barring should suspicious activity be found.
If phone hacking is something you are concerned about or if you would like to discuss this further, please feel free to contact one of our friendly support staff.