Is the hack more important than the hacked?

It's not very often that a company gets hacked and then agrees to talk about the incident, so when the finance director of a Sydney-based firm asked if I would be interested in writing a story about a security breach that cost him AU$9,000, I grabbed the opportunity.

The finance director, let's call him Ken, only realised there was a problem when his telephone provider called to say there had been an unusually high volume of international calls.

When he looked at the call logs he saw hundreds of outgoing calls to countries in Africa, South America and Eastern Europe. In just one week these calls had notched up a relatively massive bill.

Everyone I have spoken to about this hack -- including a vendor, reseller, security analyst and IT manager -- told me that these types of hacks happen all the time. They said that telephone switches are a relatively easy target because most companies don't see them as a risk and they rarely have the in-house skills to properly secure them.

Ken, who is not an IT guy, told me he had no idea this kind of thing was possible. His motivation for speaking to me was that he hoped other companies would learn from his experience and make sure that they didn't make it easy for criminals to take advantage of their PABX.

I agreed to keep his identity -- and the identity of the company -- hidden. Not because he was embarrassed about being exploited by fraudsters, but because he wanted the story to be about the hack, not the hacked company.

As it happens, the story seems to have struck a chord with ZDNet Australia readers as it has become one of the most popular stories this month.

Because of Ken's confession, there are most likely far fewer unsecured PABX systems out there. I wonder if the message -- secure your PABX -- would have been lost in the hype had it been widely known that the hacked company was the one responsible for running this site -- CNET Networks Australia?

Munir Kotadia

About Munir Kotadia

Munir first became involved with online publishing in 1998 when he joined ZDNet UK and later moved into print publishing as Chief Reporter for IT Week, part of ZDNet UK, a weekly trade newspaper targeted at Enterprise IT managers. He later moved back into online publishing as Senior News Reporter for ZDNet UK.

Munir was recognised as Australia's Best Technology Columnist at the 5th Annual Sun Microsystems IT Journalism Awards 2007. In the previous year he was named Best News Journalist at the Consensus IT Writers Awards.

He no longer uses his Commodore 64.
