14 DAY TRIAL // A Canadian company was left with a $43,000 phone bill after an unknown hacker broke into its voicemail system and made hundreds of calls to Bulgaria. The owner of the company argued that the phone network should have alerted him about the unusual high number of long-distance calls.
Alan Davison, the owner of Winnipeg based HUB Computer Solutions, called Manitoba Telecom Services (MTS) on December 7 after noticing strange “feature 36” messages appearing on his phone screen. He was then warned of a high volume of long-distance calls registered on his company's account, and was referred to the network's fraud division.
Mr. Davison only realized the extent of the damage when he received a bill for $52,359.59 (Canadian dollars) on December 17, that showed a massive amount of phone calls made to Bulgaria between between November 21 and December 9. “If we hadn't called them and made them aware of the issue, I wouldn't have been looking at a $52,000 bill; I'd be looking at well over a $100,000 bill,” the upset businessman commented.
Davison compared the incident to credit card fraud cases, and pointed out that a credit card company would immediately alert you if it noticed unusually high charges. In his opinion, such consumer protection checks should also apply to phone companies, even though he knew that he could not hold MTS responsible for the security breach. The businessman also noted that, unfortunately, he might be forced to fire an employee in order to afford paying the bill, which would normally amount to around 500$ each month.
The security expert that was hired by Davison's company to look into how the security of the telephone system had been breached concluded that the most likely cause was the 4-digit only password used for outbound access. “But how many voicemail systems give you an option of having as secure a password as you would get on a personal computer? Not many I would wager,” Graham Cluley, senior technology consultant for anti-virus vendor Sophos, wrote on his blog.
According to CTV, a spokesman for MTS gave assurances that the phone company would work out something that would be mutually agreeable to HUB Computer Solutions and Mr. Davison. Security experts claim that such incidents are not common occurrences and that companies are more likely to be targeted than individuals, because the hacker needs both a line in and a line out open at the same time, which is not common for home setups.