Apprentice hacker rings up large phone bill

An “apprentice” hacker broke into the PABX system of John James Hospital in Canberra, Australia, last week and made more than A$5,000 (US$3,850) worth of international calls.

The calls, made primarily to South America and the Asia/Pacific region between Wednesday March 22 and Thursday March 23, were stopped only when a Telstra account executive called the hospital’s administrators to notify them of the irregular long-distance calls. Consequently, service from the PABX was barred.

Director of finance and corporate services at John James Hospital, Tina Dewis, said the police and internal IT staff were able to sift through the telephone logs to discover that someone had hacked into the system, sussed out the four-digit passwords and made the calls.

“I am glad our account manager picked up the [call pattern] because we usually wait for the bill to arrive … apparently someone started making calls at 1am Tuesday until the ban was placed on the PABX on Wednesday afternoon,” Dewis said.

“The stuff our internal IT guy does is fairly ordinary and his eyes glazed over when he got the chance to put his expertise to use. We now have removed the ability to dial into the PABX, turning the modem off and removing numerous functions.

“The information we have received from our hardware people is that it was not done by a hardcore hacker but a hacker in training. I guess that’s what they do to try different things out and get their confidence up as they have gone in and played around and have not done any other damage apart from the financial impact.”

Dewis said dial-in attempts are still being made to the affected number, leading her to believe that whoever has the original PABX number is still attempting to defraud the hospital.

An ACT Police spokesman said it was the first big attack of its kind in Canberra this year.

John James Hospital will lodge a formal report with police when it receives a situation report from Telstra. Dewis said the hospital doesn’t hold a lot of hope the attackers can be traced.


