January 10, 2003
Our friends the Saudi phreakers

The Texas A&M phone system was hacked by some Saudi Arabians, who used it to make free long distance calls.

Phone carriers alerted the school to the suspicious activity Thursday, said Walt Magnussen, A&M's associate director of telecommunications. The university sent an emergency e-mail to employees about the attack that urged them to change their mailbox passwords.

The fraud affected five voice mailboxes among the university's 25,000 phone lines. The number or cost of the unauthorized calls wasn't immediately known, The Eagle reported today.

"Initial indications look like we caught it pretty quickly," Magnussen said.

The hackers guessed each mailbox password because it was the same as the phone number.

"It's like using your name for your password," he said. "It's one of the first things people are going to guess."

The hackers manipulated the outgoing messages by recording "Hello?", followed by a pause, then "Yes." The new recording was designed to fool international operators into thinking they were talking to a live person who answered the phone, then agreed to take a collect call.

Once inside the mailbox, hackers could transfer the call anywhere they wanted at A&M's expense. It may take a month or more to learn how much damage was done, Magnussen said.

This is a pretty common technique, though the recording of "Hello" and "Yes" to fool an operator into thinking that collect charges had been accepted is a new one to me.

Posted by Charles Kuffner on January 10, 2003 to Around the world | TrackBack