RSS'Contractor error' suspected in $12,000 FEMA phone hack
By Jacqueline Emigh | Published August 21, 2008, 6:08 PM
FEMA is now investigating a hack attack against its voice mail system that racked up $12,000 in international calls, with preliminary evidence indicating that "contractor error" was probably involved.
Debbie Wing, a spokesperson with the US Federal Emergency Management Agency, told BetaNews today that the government agency -- which is part of the US Dept. of Homeland Security -- first noticed "inappropriate" calling patterns on Saturday, August 16.
The unauthorized calls to the Mideast and Asia were placed through FEMA's voice mail system in Emmittsburg, MD. Wing said she didn't know, though, whether the calls began on Saturday or some time prior.
After becoming aware of the calls, FEMA staff notified the agency's security operations center. The agency immediately starting blocking all international calls, as well as monitoring all long distance calls, from FEMA's National Emergency Training Center in Emmitsburg, Wing said.
The spokesperson confirmed that FEMA recently installed a new PBX voice mail system. Preliminary evidence from an internal investigation still in progress points to involvement of "contractor error" or some other type of user error, she said.
"This will not happen again. We've taken steps to make sure that our entire telecommunications system is in a secure state," BetaNews was told.
Hey at least it wasn't 3 - 5 days to react like they did with Katrina.
Score: 0
FEMA should be greatly relieved that their toll fraud costs were as small as $12,000, since it's common for such incidents to accumulate hundreds of thousands of toll fraud in a few days. Communications fraud is a big issue for enterprises and phone carriers, see the Communications Fraud Control Association data at http://www.cfca.org.
Attacks against phone systems are truly "old school", but still very prevalent and successful. More troubling than toll fraud attacks, are phone system attacks to gain "back door" access to the data network via modems - whether target modems are authorized, but improperly secured, or rogue modems installed to allow employees to have unmonitored dial up Internet access from the office.
Many of leading-edge enterprises and Federal agencies (not yet including FEMA) have realized the need to lock down their voice networks with special purpose voice firewalls to monitor/control phone traffic in real time, in the same manner that they protect all of their internet connections.
One easy-to-launch attack via the unprotected phone network can negate (and circumvent) the substantial investment made in data network security.
Score: 0
FEMA can't get anything right, this really isn't news to anyone.
Someone probably social engineered their way in or maybe it was the contractor themselves.
Calls to the middle east? It would be funny (although unfortunate) if the terrorists were using our own federally funded agency against us which is a division of homeland security.
Score: 0
"We will do our best to ensure this will not happen again. We've taken steps to make sure that our entire telecommunications system is in as secure a state as---wow! monkeys can push buttons!"
Fixed the quote for ya.
Score: 0