Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hacked Business Owner Stuck With $52k Phone Bill

Posted by ScuttleMonkey on from the build-a-better-mousetrap dept.

ubercam writes "A Canadian business man is on the hook for a $52,000 phone bill after someone hacked into his voice mail system and found a way to dial out. The hacker racked up the charges with calls to Bulgaria. The business owner noticed an odd message coming up on his call display (Feature 36), and alerted his provider, Manitoba Telecom Services. They referred him to their fraud department, who discovered the breach. MTS said that they would reverse the charges if the hacked equipment was theirs, but in this case it was customer owned. The ironic part is that the victim's company, HUB Computer Solutions, is in the business of computer and network security. They even offer to sell, configure and secure Cisco VoIP systems. Looks as though they even couldn't manage to secure their own system, which doesn't bode well for their customers." This certainly isn't the first time someone has exploited the phone system and stuck another with the bill. Maybe it's time for the phone company to get their fraud detection and prevention services at least on par with the credit card companies'.

8 of 300 comments (clear)

  1. WTF? by fuzzyfuzzyfungus · · Score: 4, Insightful

    Seriously there guys, why would Mr. HUB Computer Solutions let something as embarrassing as that hit the press?

    "Oh hi, I got my PBX hacked (possibly because of my 4 character PIN "security") and lost 50 grand on calls to Bulgarian criminals, how about paying me to set up your computers?"

    1. Re:WTF? by poot_rootbeer · · Score: 4, Insightful

      this guy has come back with "you should have notified me earlier of abnormal usage on my phone lines".

      The customer equipment that got compromised was a goddamn PBX. He should have been watching it himself for signs of abnormal usage.

  2. Some Math by Anonymous Coward · · Score: 4, Insightful

    Let's assume these calls cost $3.00 for a minute.

    $56,000 / 3.00 = 18667 Minutes.

    18667 / 60 (min/hr) = 311 Hrs.

    So that means nobody noticed as this guy called for almost 2 full weeks of talk-time??

    ($3.00 is an assumption as I have no idea what actual international rates are)

    Still, if this is even in the ball-park, that's a hell of a lot of talk time going unnoticed. You'd think the system would flag if you suddenly doubled your usage over a period of time.

  3. Have Teleco Block Outgoing International Calls? by Zymergy · · Score: 4, Insightful

    Is there not a way to just block the ability to direct dial International Calls at the Phone company level. That way a calling card could be used to only dial international?
    If the phone company does not offer such a protection, they are in a manner condoning such abuse are they not?

    I was also under the impression that YOU had to be the one that actually 'in good faith' placed the calls for it to legally billed to you. I am not sure about US/Canadian telecom laws?

    If a stranger hacks my WIFI encryption in my neighborhood and downloads child prOn, warez, illegal MP3, etc.. through my router/IP that DOES NOT mean that I did it and I AM NOT responsible for those communications/transfers as I have made reasonable accommodations to prevent that (plus I shutter to think that any of my neighbors are into any of that).
    I would simply be responsible for getting a better protected router or some other commonplace and reasonable standard process of WiFi protection.

    Similarly, this firm likely had made reasonable efforts to NOT have their phone system hacked, and therefore did not make the calls and thus should not be made responsible for them. The phone company should protect their customers 'in good faith'.

    1. Re:Have Teleco Block Outgoing International Calls? by GrenDel+Fuego · · Score: 4, Insightful

      If a stranger hacks my WIFI encryption in my neighborhood and downloads child prOn, warez, illegal MP3, etc.. through my router/IP that DOES NOT mean that I did it and I AM NOT responsible for those communications/transfers as I have made reasonable accommodations to prevent that (plus I shutter to think that any of my neighbors are into any of that).

      There's a difference between criminal liability and financial. You wouldn't be convicted of downloading child porn (or shouldn't be at least), but if your internet access was pay as you go, you may still be required to pay for the bandwidth used.

  4. Why ask MTS for compensation? by e9th · · Score: 4, Insightful

    He should be looking to the company that installed the system for compensation, not MTS.

  5. Re:Ha ha by Creepy+Crawler · · Score: 4, Insightful

    In most civilized countries, possession of stolen property is a criminal offense, as is selling said property. Service is also seen as the same.

    How is it not fraudulent behaviour to collect on services that amounted from theft?

    --
  6. Re:ScuttleMonkey doesn't even read TFS by michaelwv · · Score: 4, Insightful

    "It is not as useful or profitable for a telco to do the same, because " they are not legally on the hook. Thanks to some consumer-friendly legislation passed a while back, the credit card companies are specifically liable for fraudulent transactions above a $50 limit. The phone companies are not. Figuring out whether or not the marginal cost to the phone company was comparable to $52k (they're probably paying some other company to call Bulgaria) is complicated. But I'll agree that it's likely much less, whereas the marginal cost to the CC company is the numeric amount. But really I think the liability protection has made the biggest difference in how attentive CC companies are to these things. Other practices aside, this is something that most CC companies do very well in striking a balance between usability and minimizing fraud.