Smart hackers who understand how always-connected devices work — and who know how to exploit the various security bugs found in operating systems — are capable of infecting mobile devices with malware that can of incur costs and/or steal data. They can do this using a number of methods: By grabbing personal data in sophisticated attacks targeting retail store chains and banks, conducting advanced online phishing attacks, or stealing money directly from ATMs, to name just a few of the recent security threats detailed by various reports.
There are also other attacks that involve attacking a much simpler kind of technology: Regular landline phone networks belonging to businesses that can be used in order to generate billions in illicit revenue, The New York Times has learned.
A seven-person architecture firm ran up a $166,000 phone bill in a single weekend last March, even though nobody was at the office at the time. What really happened is that hackers broke into the company’s phone network, and then placed thousands of calls to premium numbers outside the U.S., in markets such as Gambia, Somalia, Maldives and other markets.
This appears to be a booming business for certain individuals, as fraudulent calls cost victims $4.73 billion globally last year, up from almost $1 billion in 2011.
The hackers are apparently leasing premium-rate phone numbers that are making more than $1 per minute, out of which as much as $0.24 goes to the company that leases those numbers. And there are some 85 companies that lease such numbers currently, up from just 17 in 2009.
Then, hackers break into a company’s phone system and make calls over weekends to their premium numbers, using high-speed computers to place hundreds of calls simultaneously in order to significantly drive up the costs.
Finally, they’re able to collect the payout via Western Union, MoneyGram and wire transfers.
Companies hit in such manners that deal with major carriers can rest assured that the operator will generally cover the most part of charges —they’ll still have to pay a few thousand dollars apparently — but businesses that have phone deals with smaller carriers might not be as lucky.
In 2012, 26 small businesses around Albany were similarly hit, with phone bills going up to $200,000 per business following such fraudulent charges.
Small companies often neglect protecting phone networks, as they’re not aware that the Internet-connect networks are susceptible to attacks.
“It’s relentless,” TransNexus founder Jim Dalton. “If you put a computer on the Internet, it immediately starts getting probed for a weak point.”
“People don’t realize their phone is a six-figure liability waiting to happen,” Dalton, whose company sells Internet calling management software, further added.
As for catching the bad guys, that’s apparently very difficult for law enforcement agencies. “[The] crime can cross as many as three jurisdictions,” the Times says. “In 2011, the Federal Bureau of Investigation and police in the Philippines arrested four men who used the scheme to make $2 million in fraudulent calls; revenue was directed to a Saudi Arabian militant group that United States officials believe financed the 2008 Mumbai terrorist bombings.”