FEMA's PBX network hacked, over 400 calls made to the Middle East

FEMA's PBX network hacked, over 400 calls made to the Middle East

Summary: Someone's been chatting a lot during the weekend, but picking up FEMA's PBX network as their main carrier might not have been the smartest thing to do. Over 400 calls, lasting from three up to ten minutes were placed through their network, a breach made possible due to an insecurely configured Private Branch Exchange system :"A hacker broke into a Homeland Security Department telephone system over the weekend and racked up about $12,000 in calls to the Middle East and Asia.

SHARE:
TOPICS: Unified Comms
0

Someone's been chatting a lot during the weekend, but picking up FEMA's PBX network as their main carrier might notFEMA Logo have been the smartest thing to do. Over 400 calls, lasting from three up to ten minutes were placed through their network, a breach made possible due to an insecurely configured Private Branch Exchange system :

"A hacker broke into a Homeland Security Department telephone system over the weekend and racked up about $12,000 in calls to the Middle East and Asia. The hacker made more than 400 calls on a Federal Emergency Management Agency voicemail system in Emmitsburg, Md., on Saturday and Sunday, according to FEMA spokesman Tom Olshanski."

Calls were placed to exotic locations such as Afghanistan, Saudi Arabia, India and Yemen, with Sprint originally detecting the compromise and blocking all outgoing long-distance calls from the location. If you're to assume a zero day vulnerability was used in process you'd be wrong as an unpatched vulnerability is just as useful as a zero day one :

"At this point it appears a "hole" was left open by the contractor when the voicemail system was being upgraded, Olshanski said. Olshanski did not know who the contractor was or what hole specifically was left open, but he assured the hole has since been closed."

With no shortage of vulnerabilities allowing automated reconnaissance for easily exploitable systems to happen, perhaps if you were to assume that you would be targeted "in between" next to being exclusively targeted this wouldn't have happened, as I doubt this phreaker knew he was using FEMA's network in the first place.

Topic: Unified Comms

Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

0 comments
Log in or register to start the discussion