Democratic Underground Latest Greatest Lobby Journals Search Options Help Login
Google

How Filipino phreakers turned PBX systems into cash machines for terrorists

Printer-friendly format Printer-friendly format
Printer-friendly format Email this thread to a friend
Printer-friendly format Bookmark this thread		 This topic is archived.
Home » Discuss » General Discussion Donate to DU
 
DainBramaged Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Nov-30-11 01:20 PM
Original message
How Filipino phreakers turned PBX systems into cash machines for terrorists
A quartet of hackers based in the Philippines have allegedly bilked AT&T and possibly other telecommunications companies out of millions, which they channeled to their own bank accounts and to accounts associated with a terrorist organization. And apparently, AT&T helped them collect the money.

On November 24, the Philippine National Police's Criminal Investigation and Detection Group and the FBI staged raids in Manila, arresting Macnell Gracilla, Francisco Manalac, Regina Balura, and Paul Michael Kwan. The CIDG said in a statement that the hackers had been financed by Jemaah Islamiyah, a terrorist group that the FBI has said funded the November 2008 attacks in Mumbai. While few details have been offered up by AT&T or law enforcement, at least one of the the four has been involved in previous "phreaking," or phone hacking, of telecom customers' private branch exchanges (PBXs) in the past—and in fact was indicted in the US in 2009 for a similar crime. The arrests are part of an FBI effort to crack down on PBX hacking that dates back to 1999.

Kwan's success both times in turning corporate phone systems into virtual ATM machines for himself and a Pakistani partner were largely because of the horrific state of phone system security at many large organizations. In the 2009 case, Kwan and his cohorts didn't need to try very hard to break into PBX switches, because they still had the default password on them—and it's likely the same was true in this new case.

PBX hacking 101
The first step in turning someone else's phone lines into cash is to collect information about different PBX systems—getting hands on physical or digital copies of their manuals, and learning their dial-pad commands for remote access and default passwords. Kwan and the phreakers he worked with from 2005 to 2008 were able to use default passwords to gain access to many of the PBX systems they exploited.

http://arstechnica.com/tech-policy/news/2011/11/how-filipino-phreakers-turned-pbx-systems-into-cash-machines-for-terrorists.ars
Printer Friendly | Permalink |  | Top

Home » Discuss » General Discussion Donate to DU

Powered by DCForum+ Version 1.1 Copyright 1997-2002 DCScripts.com
Software has been extensively modified by the DU administrators

Important Notices: By participating on this discussion board, visitors agree to abide by the rules outlined on our Rules page. Messages posted on the Democratic Underground Discussion Forums are the opinions of the individuals who post them, and do not necessarily represent the opinions of Democratic Underground, LLC.

Home  |  Discussion Forums  |  Journals |  Store  |  Donate

About DU  |  Contact Us  |  Privacy Policy

Got a message for Democratic Underground? Click here to send us a message.

© 2001 - 2011 Democratic Underground, LLC