Winnipeg Free Press - PRINT EDITION

Hacker makes costly calls

Local business on hook for $52K after phone password cracked

A local business owner is on the hook for a $52,000 phone bill after his voice-mail system was hacked and hundreds of calls were made to Bulgaria.

Alan Davison, who owns HUB Computer Solutions, noticed something was wrong when "feature 36" -- a message unknown to him -- kept popping up on his phone.

He called MTS and found that hundreds of calls were recently made to Bulgaria, racking up $52,321.14 in overseas long distance due Jan. 5.

"If I have to pay that whole bill out of my own pocket, I'm looking at having to lay off one of my employees," Davison said. "It's quite obvious something was right out of whack. There were hundreds of phone calls."

The MTS representative sent Davison an e-mail outlining how to protect his company from theft of long distance.

Davison also reported the phone bill to the MTS fraud department.

MTS spokesman Greg Burch couldn't confirm the details of Davison's case Wednesday night. Burch said generally MTS will accept responsibilty if fraud involves their equipment.

"If there is an instance of fraud, we're going to take a look at that and that might include reducing or eliminating the charges," Burch said. "If it's an instance where it's your own equipment, you've purchased third-party equipment, you're responsible for that equipment and for securing that equipment."

Unfortunately for Davison, his company owns the phone system. But, he pointed out, his system has industry-norm safeguards in place and he feels MTS should have notified him when his phone bill suddenly soared beyond its normal pattern.

A hacker gained access to Davison's company voice mail and used the outbound transfer option to place hundreds of phone calls between Nov. 21 and Dec. 9.

Davison has a four-digit password on the voice mail. That doesn't stop professional hackers, said Brett Rhodes, an expert in the field who runs SME Teleresources Inc. in Winnipeg.

"Some of these people are very, very knowledgeable in the area and over time they are pretty good at running different passwords," Rhodes said. He added that hackers don't gain access to company voice mails necessarily to avoid large long distance bills. They often use a company's phone system to avoid being tracked by the police, he said.

"It becomes difficult to trace the call back. Anyone looking at that call would think that call came from HUB Computers," Davison said. "If there was any surveillance by law enforcement, it would not be traced back to the origin."

Davison brought Rhodes into his business on Dec. 15 to look at the voice-mail system's security. Rhodes said a good safeguard is to block any overseas calling and prohibit outbound transfers.

"In this era where we are carrying so many passwords in our head for ATM cards, Internet access, a lot of people go to a very simple password on their voice mail box not realizing there are people who have nothing better to do than dial in and break into mailboxes," Rhodes said.

While Davison had a password on his voice mail, he didn't even know the other options existed. He said that MTS should make their clients aware of the safeguards and that phone fraud exists.

"If the police know there are certain types of thefts going on in a neighbourhood, they make the neighbourhood aware," Davison said. "I don't think MTS stepped up to the plate and did their due diligence and gave notice to the community this was happening."

Davison is also shocked that, when his bill skyrocketed from only a few hundred a month to more than $52,000, MTS didn't notify him.

Credit card companies will usually call clients if out-of-the-ordinary charges show up, he noted.

"Why don't they have a system in place that will flag a company that doesn't make overseas calls that all of a sudden makes $52,000 worth?" Davison asked. "What's really getting me is that I know of at least one other company in town that had the same thing happen to them a few months ago."

Burch said MTS doesn't have the resources to monitor billing like a credit card company does when large purchases are made.

"It's not always possible to track everyone's billing and make determinations about what may or may not be going on," Burch said. "I'm not going to dispute this person didn't make these calls, but speaking generally, we're just not in a position to monitor everyone's minute-to-minute billing."

meghan.hurley@freepress.mb.ca

Republished from the Winnipeg Free Press print edition December 18, 2008 A4

You can comment on most stories on winnipegfreepress.com. You can also agree or disagree with other comments. All you need to do is register and/or login and you can join the conversation and give your feedback.

Have Your Say

New to commenting? Check out our Frequently Asked Questions.

The Winnipeg Free Press does not necessarily endorse any of the views posted. By submitting your comment, you agree to our Terms and Conditions. These terms were revised effective April 16, 2010.

letters

Make text: Larger | Smaller

LATEST VIDEO

Jets aren't dead (quite) yet

View more like this

Photo Store Gallery

  • June 24, 2012 - 120624  -  Amusement riders on the last day of The Ex Sunday June 24, 2012.    John Woods / Winnipeg Free Press
  • JOE BRYKSA/WINNIPEG FREE PRESS Local- A large osprey lands in it's nest in a hydro pole on Hyw 59  near the Hillside Beach turnoff turn off. Osprey a large narrow winged hawk which can have a wingspan of over 54 inches are making a incredible recovery since pesticide use of the 1950's and  1960's- For the last two decades these fish hawks have been reappearing in the Lake Winnipeg area- Aug 03, 2005

View More Gallery Photos

Poll

Would you like to live in a new 42-storey downtown highrise?

View Results

View Related Story

Ads by Google