Slashdot Mirror

← Back to Stories (view on slashdot.org)

Default Passwords Blamed In $55M PBX Hacks

Posted by ScuttleMonkey on from the god-sex-love dept.

An anonymous reader writes "The Washington Post is reporting that the US Justice Department has indicted three residents of the Philippines for breaking into more than 2,500 corporate PBX systems in the United States and abroad. The government says the hackers sold access to those systems to operators of call centers in Italy, which allegedly made 12 million minutes of unauthorized phone calls through the system, valued at more than $55 million. The DOJ's action coincides with an announcement from Italian authorities today of the arrest of five men there who are suspected of funneling the profits from those call centers to terrorist groups in Southeast Asia."

5 of 102 comments (clear)

  1. Yea well by Anonymous Coward · · Score: 3, Interesting

    Maybe governments should figure out its the 21st century out there, and stop treating phone traffic as a source of tax revenue, instead of treating it exactly like every other kind of electronic traffic (internet, bank transactions, etc), which is tax free the way it should be. Then those "terrorist groups" would suddenly find themselves out of profit.

    CAPTCHA: Rackets. How appropriate.

  2. Telcos suck by Anonymous Coward · · Score: 4, Interesting

    12 million minutes of unauthorized phone calls through the system, valued at more than $55 million.

    ... or a lot less.
    $5 per minute?!! Just to route some packets a bit farther?
    And then telcos wonder why IP phones are eating their lunch.

    Maybe they're using MAFIAA math... Each minute causes $5 worth of damage to their network...?

  3. Hacking? by EdIII · · Score: 5, Interesting

    These were default passwords on more than likely open ports. I would hardly call that hacking. That would be like walking by a house with an open door and saying you picked the lock by walking inside.

    One heck of an expensive lesson to the IT guys responsible. Never leave default passwords is Rule #1. Or at least in the top 3.

    1. Re:Hacking? by Anonymous Coward · · Score: 2, Interesting

      Aye, but trespassing is trespassing.

  4. Sue the people who neglected to change passwords? by kasperd · · Score: 2, Interesting

    Is it illegal to support terrorism by remiss? The people who left those default passwords have indirectly supported terrorists, even if it was unintentional. Can they be sentenced for that, should they be? I think they ought to be fined for it, but I don't think they deserve as harsh a punishment as the people who abused the systems for economical gain.

    --

    Do you care about the security of your wireless mouse?