Phreakers take over FEMA phones – thousands lost to overseas calls

by Steve Ragan - Aug 21 2008, 11:46

The Associated Press is reporting that calls made overseas from a hijacked FEMA phone system racked up a $12,000 USD bill. The Department of Homeland Security has confirmed the FEMA phone system was cracked, and the calls all took place over the previous weekend.

Those of you who know the term 'Phreaker' and realize what happened to FEMA, should relax, and take a pause after laughing for a few minutes. If you are unsure what this is about, Phreakers are people who study, experiment with, and are just plain curious about telecommunication systems. They are smart, and are the reason behind many of the security systems in place today on the public telephone network.

According to the AP report, the DHS admitted that an individual, or a group of people, used a vulnerability in the newly installed FEMA Private Branch Exchange (PBX) to make about 400 calls to Afghanistan, Saudi Arabia, India and Yemen, as well as other countries. The resulting cost, $12,000 USD, is a huge price to pay for failing to act on a vulnerability report issued by the Department of Homeland Security in 2003, warning of the same sort of attack.

John Jackson, a St. Louis-based security consultant, told the AP this type of attack was “old school” and added that it was, “sort of embarrassing that it happened to FEMA themselves, FEMA being a child of DHS, with calls going to the Middle East.”

Sprint caught the hijacked calls, and stopped outbound long distance calling from the FEMA National Emergency Training Center in Emmitsburg, Md. However, by then the damage had been done.

FEMA is investigating the calls, and the blame is being placed on a hole in the PBX that was left open by a contractor.

If you want a little more information on Phreaking click here.

Around the Web