The hacker was able to compromise a voice mail system within the agency's officed in Maryland. The compromised line was then used to place some 400 long-distance calls, according to reports.
A FEMA spokesperson told the Associated Press that the calls were made to a number of countries in the Middle East and Asia, including India, Yemen, Afghanistan and Saudi Arabia. The hack was later discovered by Sprint, which then blocked outgoing calls from the number.
The security shortcoming was traced back to a known flaw in the voicemail system which had even sparked a bulletin from the Department of Homeland Security in 2003.
Though a fix for the hole had been available for several years, the vulnerability was left open when a contractor installed an upgrade to the system.
FEMA said that the hole has since been fixed.
FEMA foots big bill from phone phreak
By Shaun Nichols on Aug 22, 2008 3:11PM