Winnipeg Free Press - PRINT EDITION
Hacker makes costly calls
Local business on hook for $52K after phone password cracked
DAVID LIPNOWSKI / WINNIPEG FREE PRESS Alan Davison with a 50-page phone bill from MTS, detailing hundreds of calls to Bulgaria he never made.
Alan Davison, who owns HUB Computer Solutions, noticed something was wrong when "feature 36" -- a message unknown to him -- kept popping up on his phone.
He called MTS and found that hundreds of calls were recently made to Bulgaria, racking up $52,321.14 in overseas long distance due Jan. 5.
"If I have to pay that whole bill out of my own pocket, I'm looking at having to lay off one of my employees," Davison said. "It's quite obvious something was right out of whack. There were hundreds of phone calls."
The MTS representative sent Davison an e-mail outlining how to protect his company from theft of long distance.
Davison also reported the phone bill to the MTS fraud department.
MTS spokesman Greg Burch couldn't confirm the details of Davison's case Wednesday night. Burch said generally MTS will accept responsibilty if fraud involves their equipment.
"If there is an instance of fraud, we're going to take a look at that and that might include reducing or eliminating the charges," Burch said. "If it's an instance where it's your own equipment, you've purchased third-party equipment, you're responsible for that equipment and for securing that equipment."
Unfortunately for Davison, his company owns the phone system. But, he pointed out, his system has industry-norm safeguards in place and he feels MTS should have notified him when his phone bill suddenly soared beyond its normal pattern.
A hacker gained access to Davison's company voice mail and used the outbound transfer option to place hundreds of phone calls between Nov. 21 and Dec. 9.
Davison has a four-digit password on the voice mail. That doesn't stop professional hackers, said Brett Rhodes, an expert in the field who runs SME Teleresources Inc. in Winnipeg.
"Some of these people are very, very knowledgeable in the area and over time they are pretty good at running different passwords," Rhodes said. He added that hackers don't gain access to company voice mails necessarily to avoid large long distance bills. They often use a company's phone system to avoid being tracked by the police, he said.
"It becomes difficult to trace the call back. Anyone looking at that call would think that call came from HUB Computers," Davison said. "If there was any surveillance by law enforcement, it would not be traced back to the origin."
Davison brought Rhodes into his business on Dec. 15 to look at the voice-mail system's security. Rhodes said a good safeguard is to block any overseas calling and prohibit outbound transfers.
"In this era where we are carrying so many passwords in our head for ATM cards, Internet access, a lot of people go to a very simple password on their voice mail box not realizing there are people who have nothing better to do than dial in and break into mailboxes," Rhodes said.
While Davison had a password on his voice mail, he didn't even know the other options existed. He said that MTS should make their clients aware of the safeguards and that phone fraud exists.
"If the police know there are certain types of thefts going on in a neighbourhood, they make the neighbourhood aware," Davison said. "I don't think MTS stepped up to the plate and did their due diligence and gave notice to the community this was happening."
Davison is also shocked that, when his bill skyrocketed from only a few hundred a month to more than $52,000, MTS didn't notify him.
Credit card companies will usually call clients if out-of-the-ordinary charges show up, he noted.
"Why don't they have a system in place that will flag a company that doesn't make overseas calls that all of a sudden makes $52,000 worth?" Davison asked. "What's really getting me is that I know of at least one other company in town that had the same thing happen to them a few months ago."
Burch said MTS doesn't have the resources to monitor billing like a credit card company does when large purchases are made.
"It's not always possible to track everyone's billing and make determinations about what may or may not be going on," Burch said. "I'm not going to dispute this person didn't make these calls, but speaking generally, we're just not in a position to monitor everyone's minute-to-minute billing."
Republished from the Winnipeg Free Press print edition December 18, 2008 A4
- Rate this
-
-
We want you to tell us what you think of our articles. If the story moves you, compels you to act or tells you something you didn’t know, mark it high. If you thought it was well written, do the same. If it doesn’t meet your standards, mark it accordingly.
You can also register and/or login to the site and join the conversation by leaving a comment.
Rate it yourself by rolling over the stars and clicking when you reach your desired rating. We want you to tell us what you think of our articles. If the story moves you, compels you to act or tells you something you didn’t know, mark it high.
The comment period for this story has ended.
Ads by Google
- Back to Top
- Return to Local
-
CON >< CUSSIONS
Examining hockey head injuries
-
Random Acts of Kindness
Your encounters with goodness
-
Open Secrets
Red River students mine government data banks
-
Ski with WFP
Register here to ski Asessippi with the Winnipeg Free Press
-
Miss Lonelyhearts
Maureen Scurfield offers life advice
Poll
Most Popular
- Police reopen Osborne Street bridge
- Beating victim faces charges in Manitoba
- Greyhound apologizes for stranding passengers
- Hero's welcome for Montgomery
- Lies and damned lies: China abandons gymnast who competed under age at Olympics
- How much would you pay for a front-row ticket to Simon & Garfunkel?
- Will Bettman tear down Sun Belt wall?
- Lesbian teen faces classmates after school cancels dance over her request to bring girlfriend
- Crusader up for Nobel Prize
- Six-year-old leads RCMP to attacker
- Crusader up for Nobel Prize
- Police shoot and kill suspect
- From poster couple to problem couple
- Manitoban wheelchair-user badly beaten in Australia
- Six-year-old leads RCMP to attacker
- Musician's mother dies
- Woman injured after being struck by train
- Gang showdown 'imminent'
- School slapped for bully's actions
- On second thought, some mistakes are beyond stupid
- Olympic-sized hypocrisy
- Crusader up for Nobel Prize
- Not wrong, just illegal
- Teacher's lapdance caught on tape, watched by world
- Students could be punished
- Is this the worst Olympics ever?
- Second video of lap dance uncovered
- Missing Stonewall man found dead
- What should happen to two teachers who performed a sexually suggestive dance routine in front of students?
- Two winners for $50 million Lotto Max jackpot
- Greyhound apologizes for stranding passengers
- Sinclairs want Manitobans to have access to inquest
- Cabbies don't like mandate for side shields in their taxis
- Consultant makes intervener pitch
- Cousin sentenced to 7 years for stabbing death
- Stranded on the side of the road
- Judge doesn't believe accused's story
- Will Bettman tear down Sun Belt wall?
- Lesbian teen faces classmates after school cancels dance over her request to bring girlfriend
- Other provinces leery about withholding public services due to religious garb
- Police shoot and kill suspect
- Wielding a weapon costs a life
- Greyhound apologizes for stranding passengers
- You can't keep grandpa from seeing baby despite childish family dynamics
- Aboriginal elders removed from court on Hydro hearing
- Lesbian teen faces classmates after school cancels dance over her request to bring girlfriend
- Gang showdown 'imminent'
- Looters target family's home
- Explore drug aids before giving up sex
- First Nations people pack courtroom
- Teacher's lapdance caught on tape, watched by world
- MP may regret taking aim at Christian youth centre: Mayor Katz
- Students could be punished
- Police shoot and kill suspect
- Second video of lap dance uncovered
- More ominous issue underlies Youth for Christ flap
- Wielding a weapon costs a life
- Mounties hook ice-fishers for open beer
- Youth centre sparks dispute
- Canadian women's hockey team stunned by reaction to post-gold party
- BC Hydro selects 19 projects for first clean power purchase agreements
- Iceland airline bullish about Winnipeg
- Exclusive: Holy folk!
- Province to fund treatment to prevent, reduce eye damage
- Egg board embraces chicken emancipation
- Students to get taste of homeless life
- Grain handler forecasts growth
- A hero's welcome
- Nutrition mission
- Small moments of joy are not so easy to find
- Socialism for the rich is Tory way
- Manitoban wheelchair-user badly beaten in Australia
- Indian Act changing to treat descendants equitably
- Cabela's to open across Canada
- Iceland airline bullish about Winnipeg
- Gang showdown 'imminent'
- Schooling future soccer stars
- Native investment firm buys jet
- It’s The Sounds of Silence, unless you have big bucks
- When helmets don't help
- Text of Shane Koyczan's opening ceremonies poem, "We Are More"
- Teacher's lapdance caught on tape, watched by world
- Olympic-sized hypocrisy
- Cabela's to open across Canada
- Oprah's on, and so is our Jon!
- Not wrong, just illegal
- Online drug pioneer tumbles
- Mounties hook ice-fishers for open beer
- No listings for buyers flooding the housing market
- Second video of lap dance uncovered
PREVIOUS
8 Comments
Posted by: paulR
December 19, 2008 at 2:57 PM
doing the math, from 11/21 - 12/9, there are 25,920 minutes. if the hacker was on the phone the whole time, the rate to bulgaria would be $2.00/minute. i checked with my long distance carrier (land line) and my rate to bulgaria is $0.221/minute. (and that's american $!). seems like there is room to negotiate with MTS. i'm curious how much a minute he was in fact billed.
Posted by: Hexbomber
December 19, 2008 at 1:01 PM
The free press really needs to get their stories straight. It's called a phone phreak. Not a hacker! This guy probably picked his birthday, or address as a password, or even left it at the default. Hackers are now often taking the blame for human stupidity. Edited.
Posted by: threeson
December 19, 2008 at 10:08 AM
MTS has known that this crime has been going on for how long ? And has done nothing to inform or protect their own clients? How about a press release or simple bill insert? Why does it take a man like Davison to give the public a heads-up? For Greg Burch to say MTS does not have the resources to implement something like software program to monitor calling/billing patterns is pitiful. Their projected revenues for 2009 are 1.98 Billion.
Posted by: C
December 18, 2008 at 7:50 PM
"Unfortunately for Davison, his company owns the phone system.".... Not MTS' equipment, not their problem. Far as I know MTS is not a charity. He should pay the bill, I don't want to pay for his on mine.
Posted by: LG
December 18, 2008 at 5:58 PM
I think that the third commenter didn't read the article. It's a regular phone system they are talking about. At least from the sounds of it. They don't actually specify. But usually, if it's MTS Mobility, they'll say MTS Mobility :)
Posted by:
December 18, 2008 at 3:18 PM
"$52,000 worth of long distance? That's fraud in itself. Funny how Shaw can offer 1000 minutes a month of FREE international long distance...and VOIP providers have flat rate fees. Take Skype, for example. They charge $0.078/minute for calls to Bulgaria. http://www.skype.com/prices/callrates/ Yep, MTS is definitely defrauding their customers by charging absurd fees for long distance service. What a bunch of crooks!" Shaw offers cell service now? Did you even read the article?
Posted by:
December 18, 2008 at 1:41 PM
$52,000 worth of long distance? That's fraud in itself. Funny how Shaw can offer 1000 minutes a month of FREE international long distance...and VOIP providers have flat rate fees. Take Skype, for example. They charge $0.078/minute for calls to Bulgaria. http://www.skype.com/prices/callrates/ Yep, MTS is definitely defrauding their customers by charging absurd fees for long distance service. What a bunch of crooks!
Posted by:
December 18, 2008 at 9:40 AM
This is why people are terrified of hackers - there seems to be no recourse. Oh - it happened. Sorry.....here's your bill. Pitiful.