Login:
Password:
Lost Password?
Print this article  |  E-mail this article  |  Comment on this article

'Contractor error' suspected in $12,000 FEMA phone hack

By Jacqueline Emigh, BetaNews

August 21, 2008, 6:08 PM

FEMA is now investigating a hack attack against its voice mail system that racked up $12,000 in international calls, with preliminary evidence indicating that "contractor error" was probably involved.

Debbie Wing, a spokesperson with the US Federal Emergency Management Agency, told BetaNews today that the government agency -- which is part of the US Dept. of Homeland Security -- first noticed "inappropriate" calling patterns on Saturday, August 16.

The unauthorized calls to the Mideast and Asia were placed through FEMA's voice mail system in Emmittsburg, MD. Wing said she didn't know, though, whether the calls began on Saturday or some time prior.

After becoming aware of the calls, FEMA staff notified the agency's security operations center. The agency immediately starting blocking all international calls, as well as monitoring all long distance calls, from FEMA's National Emergency Training Center in Emmitsburg, Wing said.

The spokesperson confirmed that FEMA recently installed a new PBX voice mail system. Preliminary evidence from an internal investigation still in progress points to involvement of "contractor error" or some other type of user error, she said.

"This will not happen again. We've taken steps to make sure that our entire telecommunications system is in a secure state," BetaNews was told.

Add a Comment (4 Comments)

BetaNews reserves the right to remove any comment at any time for any reason. Please keep your responses appropriate and on topic. Foul language and personal attacks will not be tolerated.

Name (required):

E-mail (required):

Enter Your Comment:

By PostDeals

posted Aug 24, 2008 - 10:13 PM

Hey at least it wasn't 3 - 5 days to react like they did with Katrina.

Score: 0

By rhj491

edited Aug 23, 2008 - 10:46 PM

FEMA should be greatly relieved that their toll fraud costs were as small as $12,000, since it's common for such incidents to accumulate hundreds of thousands of toll fraud in a few days. Communications fraud is a big issue for enterprises and phone carriers, see the Communications Fraud Control Association data at http://www.cfca.org.

Attacks against phone systems are truly "old school", but still very prevalent and successful. More troubling than toll fraud attacks, are phone system attacks to gain "back door" access to the data network via modems - whether target modems are authorized, but improperly secured, or rogue modems installed to allow employees to have unmonitored dial up Internet access from the office.

Many of leading-edge enterprises and Federal agencies (not yet including FEMA) have realized the need to lock down their voice networks with special purpose voice firewalls to monitor/control phone traffic in real time, in the same manner that they protect all of their internet connections.

One easy-to-launch attack via the unprotected phone network can negate (and circumvent) the substantial investment made in data network security.

Score: 0

By Scary Guy

posted Aug 22, 2008 - 7:57 AM

FEMA can't get anything right, this really isn't news to anyone.

Someone probably social engineered their way in or maybe it was the contractor themselves.

Calls to the middle east? It would be funny (although unfortunate) if the terrorists were using our own federally funded agency against us which is a division of homeland security.

Score: 0

By mjm01010101

edited Aug 21, 2008 - 6:32 PM

"We will do our best to ensure this will not happen again. We've taken steps to make sure that our entire telecommunications system is in as secure a state as---wow! monkeys can push buttons!"

Fixed the quote for ya.

Score: 0

Dec 1 - 9:34 PM ET Alltel breaks in a mobile wallet with mFoundry

Dec 1 - 7:38 PM ET Intel tries to turn the tables on AMD in document discovery dispute

Dec 1 - 6:59 PM ET Palm to restructure yet again, may cut more jobs

Dec 1 - 4:58 PM ET Blockbuster downloads headed for more devices via Live Mesh

Dec 1 - 4:55 PM ET AOL's PlaySavvy speaks to game-shy parental units

Dec 1 - 4:41 PM ET Less bad news than anticipated for the semiconductor industry in 2008

Dec 1 - 3:51 PM ET 'Xohm' makes way for 'Clear,' as Sprint/Clearwire merger moves ahead

Dec 1 - 2:01 PM ET Chasing down the latest Cyber Monday tech deals

Dec 1 - 12:50 PM ET Will 'Cyber Monday' fare better than a weak 'Black Friday?'

Dec 1 - 12:38 PM ET Microsoft Cashback goes offline to Black Friday shoppers