Phreakers are using security loopholes in PBX systems to make international calls at the expense of businesses in Western Australia.

Telephone system hackers are exploiting the call forward function on older PBXs to make expensive international phone calls at virtually no cost to themselves, WA police warn. In one case a internet-based PBX system in Perth was used to make 11,000 international calls in the space of 46 hours.

The firm only became aware of the attack after a A$120,000 bill landed on their doorstep. Det Sgt Jamie McDonald told The WestAustralian that smaller businesses were being targeted in the ongoing attacks.

McDonald urged firms to take appropriate security precautions. “Most businesses are prepared to install firewalls on their computers but fail to extend that level of security to their phone systems,” he said.

Phone phreaking is a far less publicised crime than computer hacking, but the results can be even more costly to victims than a virus infection or hacker attack, as the West Australian case illustrates. Cybercrooks typically sell access to compromised systems through underground forums. ®

Related stories

• French Skyper freed after accidentally hacking bank's phone system (21 September 2012)

  https://www.theregister.com/2012/09/21/bank_of_france_phone_hacker/

• 'How I CRASHED my bank, stole PINs with a touch-tone phone' (18 September 2012)

  https://www.theregister.com/2012/09/18/dtmf_phone_system_hack_attack/

• DDoS crooks: Do you want us to blitz those phone lines too? (2 August 2012)

  https://www.theregister.com/2012/08/02/telecoms_ddos/

• Manila AT&T hackers linked to Mumbai terror attack - cops (28 November 2011)

  https://www.theregister.com/2011/11/28/philippines_at_and_t_terror_hack_arrests/

• Kiwi rugby rats warned to keep eye on the hacker ball (14 September 2011)

  https://www.theregister.com/2011/09/14/pabx_attack_while_rugby_on/

• SIM card hack suspect released on bail (25 September 2009)

  https://www.theregister.com/2009/09/25/jamaican_sim_card_hack_scam/

• New Windows virus attacks PHP, HTML, and ASP scripts (12 February 2009)

  https://www.theregister.com/2009/02/12/new_virut_strain/

• Blind phone phreaker coughs to harassment charges (2 February 2009)

  https://www.theregister.com/2009/02/02/phone_phreaker_plea/

• Phreakers seize government phone system (21 August 2008)

  https://www.theregister.com/2008/08/21/dhs_phonesystem_hacked/

• 911 phone phreakers face jail (19 November 2007)

  https://www.theregister.com/2007/11/19/911_phone_phreakers/

• VoIP phreakers establish thriving black market (22 March 2007)

  https://www.theregister.com/2007/03/22/voip_fraud/

• Hacker breaches T-Mobile systems, reads US Secret Service email (12 January 2005)

  https://www.theregister.com/2005/01/12/hacker_penetrates_t-mobile/

• Phreakers will rape and pillage your mobile (22 October 2004)

  https://www.theregister.com/2004/10/22/mobile_java_peril/

• Filipino phone phreakers foiled (20 July 2004)

  https://www.theregister.com/2004/07/20/filipino_phone_phreakers/

• Mob phreakers rule Vegas phone network (15 May 2001)

  https://www.theregister.com/2001/05/15/mob_phreakers_rule_vegas_phone/