August 21st, 2008
FEMA's PBX network hacked, over 400 calls made to the Middle East
Someone’s been chatting a lot during the weekend, but picking FEMA’s PBX network as their main carrier might not have been the smartest thing to do. Over 400 calls, each lasting from three to ten minutes, were placed through their network, a breach made possible by an insecurely configured Private Branch Exchange system:
“A hacker broke into a Homeland Security Department telephone system over the weekend and racked up about $12,000 in calls to the Middle East and Asia. The hacker made more than 400 calls on a Federal Emergency Management Agency voicemail system in Emmitsburg, Md., on Saturday and Sunday, according to FEMA spokesman Tom Olshanski.”
Calls were placed to exotic locations such as Afghanistan, Saudi Arabia, India and Yemen, with Sprint originally detecting the compromise and blocking all outgoing long-distance calls from the location. If you assume a zero-day vulnerability was used in the process, you’d be wrong, as an unpatched vulnerability is just as useful as a zero-day one:
“At this point it appears a “hole” was left open by the contractor when the voicemail system was being upgraded, Olshanski said. Olshanski did not know who the contractor was or what hole specifically was left open, but he assured the hole has since been closed.”
With no shortage of vulnerabilities allowing automated reconnaissance for easily exploitable systems, perhaps if you were to assume that you would be targeted “in between” as well as exclusively, this wouldn’t have happened, as I doubt this phreaker knew he was using FEMA’s network in the first place.
Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog.