Perth firms phreaked by VoIP hackers

WA Police warns businesses to change passwords.

Western Australia Police has warned the state's businesses to change passwords and cap international calls on enterprise VoIP networks, after investigating several cases of scammers hacking the networks to commit fraud.

The WA Police said three businesses have reported their VoIP networks hacked by opportunists using the networks to make calls to international numbers offering premium voice services - often owned by the attacker.

In total, the three businesses were set to have suffered losses of some $70,000 from the attacks.

Similar methods were used in early 2009 in an attack that caused one small business to run up a $120,000 bill.

The WA Police Technology Crime Investigations Unit said that phone hacking or 'phreaking' occurs when hackers gain access to a company's VoIP PABX to make calls - usually overnight or on weekends when the calls can go unnoticed.

"Many businesses have only the most basic security in place such as factory default access pins or passwords and as such they are easy pickings for criminals," the WA Police said in a statement.

Senior Constable Paul Litherland of the Technology Crime Investigation Unit warned businesses to "remain extremely vigilant" to ensure attempts to attack their online telecommunications networks are unsuccessful, as the Police are relatively powerless to prevent the fraud.

"As these criminals are working overseas and using quite elaborate methods to avoid detection, Western Australia Police find it difficult to identify or prosecute the persons responsible," the law enforcement agency said in a statement.

Litherland said business owners should:

• Change passwords and prefixes that cannot be easily guessed,
• Place caps on the number of calls that can be made over any given period.
• Bar calls to international locations the company does not contact.
• Have systems in place to detect suspicious activity.