Local News
Winnipeg Free Press - PRINT EDITION
Hacker makes costly calls
Local business on hook for $52K after phone password cracked
DAVID LIPNOWSKI / WINNIPEG FREE PRESS Alan Davison with a 50-page phone bill from MTS, detailing hundreds of calls to Bulgaria he never made.
Alan Davison, who owns HUB Computer Solutions, noticed something was wrong when "feature 36" -- a message unknown to him -- kept popping up on his phone.
He called MTS and found that hundreds of calls were recently made to Bulgaria, racking up $52,321.14 in overseas long distance due Jan. 5.
"If I have to pay that whole bill out of my own pocket, I'm looking at having to lay off one of my employees," Davison said. "It's quite obvious something was right out of whack. There were hundreds of phone calls."
The MTS representative sent Davison an e-mail outlining how to protect his company from theft of long distance.
Davison also reported the phone bill to the MTS fraud department.
MTS spokesman Greg Burch couldn't confirm the details of Davison's case Wednesday night. Burch said generally MTS will accept responsibilty if fraud involves their equipment.
"If there is an instance of fraud, we're going to take a look at that and that might include reducing or eliminating the charges," Burch said. "If it's an instance where it's your own equipment, you've purchased third-party equipment, you're responsible for that equipment and for securing that equipment."
Unfortunately for Davison, his company owns the phone system. But, he pointed out, his system has industry-norm safeguards in place and he feels MTS should have notified him when his phone bill suddenly soared beyond its normal pattern.
A hacker gained access to Davison's company voice mail and used the outbound transfer option to place hundreds of phone calls between Nov. 21 and Dec. 9.
Davison has a four-digit password on the voice mail. That doesn't stop professional hackers, said Brett Rhodes, an expert in the field who runs SME Teleresources Inc. in Winnipeg.
"Some of these people are very, very knowledgeable in the area and over time they are pretty good at running different passwords," Rhodes said. He added that hackers don't gain access to company voice mails necessarily to avoid large long distance bills. They often use a company's phone system to avoid being tracked by the police, he said.
"It becomes difficult to trace the call back. Anyone looking at that call would think that call came from HUB Computers," Davison said. "If there was any surveillance by law enforcement, it would not be traced back to the origin."
Davison brought Rhodes into his business on Dec. 15 to look at the voice-mail system's security. Rhodes said a good safeguard is to block any overseas calling and prohibit outbound transfers.
"In this era where we are carrying so many passwords in our head for ATM cards, Internet access, a lot of people go to a very simple password on their voice mail box not realizing there are people who have nothing better to do than dial in and break into mailboxes," Rhodes said.
While Davison had a password on his voice mail, he didn't even know the other options existed. He said that MTS should make their clients aware of the safeguards and that phone fraud exists.
"If the police know there are certain types of thefts going on in a neighbourhood, they make the neighbourhood aware," Davison said. "I don't think MTS stepped up to the plate and did their due diligence and gave notice to the community this was happening."
Davison is also shocked that, when his bill skyrocketed from only a few hundred a month to more than $52,000, MTS didn't notify him.
Credit card companies will usually call clients if out-of-the-ordinary charges show up, he noted.
"Why don't they have a system in place that will flag a company that doesn't make overseas calls that all of a sudden makes $52,000 worth?" Davison asked. "What's really getting me is that I know of at least one other company in town that had the same thing happen to them a few months ago."
Burch said MTS doesn't have the resources to monitor billing like a credit card company does when large purchases are made.
"It's not always possible to track everyone's billing and make determinations about what may or may not be going on," Burch said. "I'm not going to dispute this person didn't make these calls, but speaking generally, we're just not in a position to monitor everyone's minute-to-minute billing."
Republished from the Winnipeg Free Press print edition December 18, 2008 A4
- Rate this
-
-
We want you to tell us what you think of our articles. If the story moves you, compels you to act or tells you something you didn’t know, mark it high. If you thought it was well written, do the same. If it doesn’t meet your standards, mark it accordingly.
You can also register and/or login to the site and join the conversation by leaving a comment.
Post Your Comment
The Winnipeg Free Press does not necessarily endorse any of the views posted. Comments are moderated before publication. By submitting your comments, you agree to our Terms and Conditions. New to commenting? Check out our Frequently Asked Questions.
-
Miss Lonelyhearts
Maureen Scurfield offers life advice
-
Tour de France
Follow the cyclists day by day with our interactive map.
-
Bite-sized Doug
Need more Doug? Buy his new book here
-
Blue Bomber Report
All of the latest on the Big Blue
-
Send us your videos
Upload videos to our site
-
Twitter
Follow our reporters and news feeds on Twitter
-
Editor's Bulletin
Sign up for daily bulletins
-
RSS Feeds
Sign up for your favourites
- Back to Top
- Return to Local News
Advertisement
PREVIOUS
Most Popular
- Bomber wide receiver Derick Armstrong absent from practice
- Police officer leaps out of the way as motorist accelerates through check-stop
- British spy chief's wife posts family details on Facebook
- B.C. man ready to die 21 years after Ont. fire burned 90 per cent of his body
- Flying by the seat of their pants
- The Winnipeg Drama Club
- Two men shot on Ross Avenue
- Montreal cops pelted by rocks as they try to help attempted murder victim
- Monorail crashes in Walt Disney World's Magic Kingdom, killing employee; train out of service
- Class of 2017
- Bomber wide receiver Derick Armstrong absent from practice
- Young man shot in North End
- The Winnipeg Drama Club
- Why is rapist in Canada?
- Crash sends three to hospital
- Motorcyclist dies after crash in Charleswood
- Tough questions, snappy answers
- 'She had a million-dollar smile'
- Tick... tick... tick
- America's promise still lives
- Flying by the seat of their pants
- Sunday Special: Triumph over tragedy
- A single act of bravery gave life to so many
- A few Q & As with THE CLASS OF 2017
- Growing up is a never-ending task
- Meet the class of 2017
- Welcome to the real world
- Grade 3 finds us...in the middle of the maze
- Peregrine falcon chicks take flight
- ER docs top salary list amid physician shortage
Ads by Google
8 Comments
Posted by:paulR
December 19, 2008 at 2:57 PM
doing the math, from 11/21 - 12/9, there are 25,920 minutes. if the hacker was on the phone the whole time, the rate to bulgaria would be $2.00/minute. i checked with my long distance carrier (land line) and my rate to bulgaria is $0.221/minute. (and that's american $!). seems like there is room to negotiate with MTS. i'm curious how much a minute he was in fact billed.
Posted by:Hexbomber
December 19, 2008 at 1:01 PM
The free press really needs to get their stories straight. It's called a phone phreak. Not a hacker! This guy probably picked his birthday, or address as a password, or even left it at the default. Hackers are now often taking the blame for human stupidity. Edited.
Posted by:threeson
December 19, 2008 at 10:08 AM
MTS has known that this crime has been going on for how long ? And has done nothing to inform or protect their own clients? How about a press release or simple bill insert? Why does it take a man like Davison to give the public a heads-up? For Greg Burch to say MTS does not have the resources to implement something like software program to monitor calling/billing patterns is pitiful. Their projected revenues for 2009 are 1.98 Billion.
Posted by:C
December 18, 2008 at 7:50 PM
"Unfortunately for Davison, his company owns the phone system.".... Not MTS' equipment, not their problem. Far as I know MTS is not a charity. He should pay the bill, I don't want to pay for his on mine.
Posted by:LG
December 18, 2008 at 5:58 PM
I think that the third commenter didn't read the article. It's a regular phone system they are talking about. At least from the sounds of it. They don't actually specify. But usually, if it's MTS Mobility, they'll say MTS Mobility :)
Posted by:
December 18, 2008 at 3:18 PM
"$52,000 worth of long distance? That's fraud in itself. Funny how Shaw can offer 1000 minutes a month of FREE international long distance...and VOIP providers have flat rate fees. Take Skype, for example. They charge $0.078/minute for calls to Bulgaria. http://www.skype.com/prices/callrates/ Yep, MTS is definitely defrauding their customers by charging absurd fees for long distance service. What a bunch of crooks!" Shaw offers cell service now? Did you even read the article?
Posted by:
December 18, 2008 at 1:41 PM
$52,000 worth of long distance? That's fraud in itself. Funny how Shaw can offer 1000 minutes a month of FREE international long distance...and VOIP providers have flat rate fees. Take Skype, for example. They charge $0.078/minute for calls to Bulgaria. http://www.skype.com/prices/callrates/ Yep, MTS is definitely defrauding their customers by charging absurd fees for long distance service. What a bunch of crooks!
Posted by:
December 18, 2008 at 9:40 AM
This is why people are terrified of hackers - there seems to be no recourse. Oh - it happened. Sorry.....here's your bill. Pitiful.