Threat Center Security News FEMA phones hacked; calls made to Mideast, Asia
FEMA phones hacked; calls made to Mideast, Asia Print E-mail
Written by Rebecca Mints   
Wednesday, 20 August 2008 15:07

WASHINGTON - A hacker broke into a Homeland Security Department telephone system over the weekend and racked up about $12,000 in calls to the Middle East and Asia. The hacker made more than 400 calls on a Federal Emergency Management Agency voicemail system in Emmitsburg, Md., on Saturday and Sunday, according to FEMA spokesman Tom Olshanski.

 

FEMA is part of Homeland Security, which in 2003 put out a warning about this very vulnerability.

 

The voicemail system is new and recently was installed. It is a Private Branch Exchange, or PBX, a traditional corporate phone network that is used in thousands of companies and government offices. Many companies are moving to a higher tech version, known as Voice Over Internet Telephony.

 

This type of hacking is very low-tech and "old school," said John Jackson, a St. Louis-based security consultant. It was popular 10 to 15 years ago. Telecommunications security administrators now know to configure security settings, such as having individual users create unique passwords and not continue to use the password assigned to users in the initial setup.

 

"In this case it's sort of embarrassing that it happened to FEMA themselves

 

WTW Threat Level