Daily cyber threats and internet security news: network security, online safety and latest security alerts
August 21st, 2008

Over 400 Calls Made Using Hacked Federal Emergency Management Agency PBX Network

A hacker broke into a Homeland Security Department telephone system over the weekend and racked up about $12,000 in calls to the Middle East and Asia. The hacker made more than 400 calls on a Federal Emergency Management Agency (FEMA) voicemail system in Emmitsburg, Md., on Saturday and Sunday, according to FEMA spokesman Tom Olshanski.

The calls, lasting from three up to ten minutes were placed through FEMA’s PBX network, a breach made possible due to an insecurely configured Private Branch Exchange system. FEMA is part of Homeland Security, which in 2003 put out a warning about this very vulnerability.

Calls were made to locations such as Afghanistan, Saudi Arabia, India and Yemen, with Sprint originally detecting the compromise and blocking all outgoing long-distance calls from the location. It appears that the vulnerability was left open by the contractor when the voicemail system was being upgraded. At this point is is unknown who the contractor was or what hole specifically was left open. The hole has since been closed.

It is possible that the hacker did not know he was using FEMA’s network in the first place. There is no shortage of vulnerabilities allowing automated reconnaissance for easily exploitable systems to happen. This type of hacking is low-tech and was popular 10 to 15 years ago. In 2003, Homeland Security and the FBI investigated multiple reports about private industry being breached by these types of hackers. “This illegal activity enables unauthorized individuals anywhere in the world to communicate via compromised U.S. phone systems in a way that is difficult to trace,” according to a department information bulletin from June 3, 2003.

FEMA’s chief information officer is investigating who hacked into the system and where exactly the calls were placed to.

Credit: AP, MSNBC

Share this item with others:

More on CyberInsecure:
  • US Government Contractor ManTech Hacked, Confidential Documents Stolen And Posted Online
  • Federal Aviation Authority Confirms 45,000 Employees Personal Records Stolen In A Breach
  • OSU Bookstore Online Customers Payment Information Stolen
  • Personal Records Stolen In Georgia Department
  • Houston Justice System Paralyzed By Conficker Worm

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Over 400 Calls Made Using Hacked Federal Emergency Management Agency PBX Network

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.