Police say hackers stole phone time from AT&T, others
An Italian magistrate has issued an international arrest warrant for a Filipino hacker suspected of causing millions of dollars of losses to telecommunications multinationals, and Italian police have arrested five Pakistani nationals accused of exploiting the hacker's work to defraud the telecom companies, officials in the northern city of Brescia said Friday.
The Filipino hacker was part of a group that allegedly penetrated the IT systems belonging to customers of major telephone companies, including AT&T, to steal access codes for international phone calls that he then sold to the group of Italy-based Pakistanis who ran a network of public phone centers. Police declined to identify the hacker by name, saying only that he was a 27-year-old male living in the Philippines.
The Pakistanis offered cut-price calls to their clients by piggy-backing on the PBXs (private branch exchanges) of commercial companies in the United States, Australia and Europe, Italian officials said. The Filipino hacker allegedly sold the access codes that enabled users to take control of the exchanges at US$100 per code, and the codes were then sold on to other users, they said. Some of the illegal profits were allegedly sent to finance the activities of Islamist extremists in Pakistan and Afghanistan, the officials said.
Police identified Zamir Mohammad, 40, the manager of a phone center in Brescia, as the principal buyer of the Filipino's allegedly illegally acquired access codes. Mohammad was responsible for exploiting the codes and selling them on to other telephone service operators in Italy and Spain, police said. On Friday the U.S. Department of Justice unsealed an indictment charging Mahmoud Nusier, 40, Paul Michael Kwan, 27, and Nancy Gomez, 24, all currently residing in the Philippines, with unauthorized computer access and wire fraud. They were arrested on March 10, 2007.
The five Pakistanis arrested in Italy are phone-center manager Mohammad, Shabina, Kanwal, 38, Ahmed Waseem, 40, Zahir Shah, 39, and Iqbal Khurram, 29, the U.S. Department of Justice said.
As well as making the arrests, police seized 10 phone centers Friday in northern and central Italy and raided 16 properties belonging to Pakistani and Moroccan nationals suspected of links to the telephone pirates.
The investigation began in May 2007 following a tip off from the FBI that a group of hackers based in the Philippines had violated the IT security of major international phone companies. The group was allegedly headed by Nusier, a Jordanian, Italian police said.
"Italy's antiterrorism police and the FBI are still investigating the group's activities in Spain and Switzerland," Brescia police spokeswoman Sara Del Rosario said in a telephone interview. During the five years the scam was operating, Mohammad allegedly sent some €400,000 (US$560,000) to an Islamic charity run by Jamal Khalifa, a brother-in-law of al Qaida leader Osama bin Laden, Del Rosario said. Khalifa, who was killed in Madagascar in 2007, was suspected, among other things, of funding the Abu Sayyaf group, an organization of Muslim extremists operating in the Philippines.
Many of the calls from the phone centers were made to conflict hotspots in the Middle East and Asia, Del Rosario said. "The stolen access codes offered the added advantage of anonymity to the callers, in violation of Italy's 2005 antiterrorism law," she said.
The biggest victim of the hackers was AT&T Corp., which estimated its losses to the organization since 2003 amounted to US$56 million, Brescia police said in a prepared statement. Other companies targeted by the group were not identified by name.
AT&T was not itself hacked. According to the indictment, Nusier, Kwan, Gomez and others hacked the PBX (private branch exchange) phone systems of several U.S. companies -- some of them AT&T customers -- using what's known as a "brute force attack" against their phone systems. They were allegedly paid $100 per hacked telephone system.
More than 2,500 companies in the U.S. Europe, Canada and Australia were hacked, authorities say.
In this type of attack, the hacker calls into the telephone system over and over trying to find an extension with a default or easy-to-guess password. They would take over the hacked PBX system and use it to place international calls often connecting to the phone systems for hours at a time while dialing out making long-distance calls.
The criminals could simply route long-distance calls through the hacked systems, or use these systems to "loop back" and connect both parties. Either way, they were able to make long-distance calls for far less than regular toll rates. The hacked company would see its phone bill skyrocked.
Hacking tools such as Warvox can be used to find vulnerable PBX systems, said Lance James, chief scientist at Secure Science. Using this loop-back technique, criminals would need to make just a short initial call to the phone system in order to place a long distance call of any duration, he said. "They only pay for that connect charge for less than 30 seconds and they are making almost pure profit off of that."
The hackers would send PBX numbers and passcodes to the Brescia call center, which would in turn wire money back to them, the indictment states. Numbers and passcodes were then sent to other call centers, including at least one in Spain. In total, about 12 million minutes of telephone calls were siphoned off of these hacked phone systems, with victim companies and carriers like AT&T left to bear the costs.