Feeds

Sprint cleared of negligence in vice hacks

Security no worse than any other telco

  • alert
  • submit to reddit

Providing a secure and efficient Helpdesk

The Nevada Public Utilities Commission pulled the plug Thursday on a Las Vegas adult entertainment operator's claim that telephone calls meant for his stable of private dancers are being blocked by hackers with access to local phone company Sprint of Nevada's systems, closing an eight-year-old legal battle that pitted the vanquished brokers of Sin City's competitive sex trade against the corporate legal muscle of a telecom giant.

"Having reviewed all of the evidence in the hearing, and taken a lot of thought and reviewed everything over and over again... in my opinion there is no evidence that Sprint has caused this to occur or has substandard security," said commission Adriana Escobar Chanos, recommending the case's dismissal to the full commission in a morning PUC agenda meeting.

Plaintiff Eddie Munoz first complained to the PUC in 1994 that the phone company was allowing mercenary hackers to cripple his business by diverting, monitoring and blocking his phone calls -- a complaint that's been echoed by private investigators, bail bondsmen and some of Munoz's competitors. In the years of testing and legal wrangling that followed, Munoz produced a wealth of anecdotal evidence, but no empirical proof to support his claim.

Munoz faulted Sprint for not cooperating in the testing, and had asked the PUC to order a new round of tests under close supervision, a plea the commissioners rejected Thursday.

The commission found that there wasn't sufficient evidence to believe that Munoz's problems were in Sprint's network, rather than in his own equipment, or at the hotel PBXs where most calls originate.

The ruling also rejected the recommendation of the PUC's own staff investigators, who, while arguing for the dismissal, had urged the commission to open a new docket to closely supervise Sprint's computer security practices. The recommendation would have forced the company to retain outside security consultants, launch a security training program for employees, develop a process for detecting and deterring intrusion attempts into its network, and begin documenting its security investigations.

In several days of hearings held earlier this year by Escobar Chanos, Sprint officials admitted that they'd lost or destroyed years of records in a reorganization of their security department, and that they permitted dial-up access into their switches for maintenance purposes with little logging. In June, ex-hacker Kevin Mitnick -- hired by Munoz as a consultant -- testified that prior to his 1995 arrest he had illicit control of the company's switching systems through the dial-ups, and also enjoyed unfettered access to a computerized testing system called CALRS that allows users to monitor phone lines and intercept or originate calls throughout Las Vegas.

A draft of the commission's final order in the case suggests that Escobar Chanos found Mitnick's testimony convincing, but that in some ways it actually hurt Munoz's case: the ex-hacker's own testing found no evidence of ongoing call diversion, and Mitnick testified that his access as a fugitive was not limited to Sprint's network, but included every phone company in every city where he'd holed up.

The draft order concludes that "Sprint's security is no better nor no worse than that of other telephone companies," and credits the company with taking "reasonable steps" to protect its network.

In an interview following the ruling, Munoz vowed to take his case to the federal courts. "What's a consumer supposed to do?... They sent a message across the United States that the telephone company can do whatever they want to do."

© 2002 SecurityFocus.com, all rights reserved.

New hybrid storage solutions

More from The Register

next story
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Google recommends pronounceable passwords
Super Chrome goes into battle with Mr Mxyzptlk
Reddit wipes clean leaked celeb nudie pics, tells users to zip it
Now we've had all THAT TRAFFIC, we 'deplore' this theft
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
TorrentLocker unpicked: Crypto coding shocker defeats extortionists
Lousy XOR opens door into which victims can shove a foot
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.