By Eric Klein

In todays news there are headlines showing the darkest side of telecom fraud:

Although the titles are different, the source and the story is all the same. The Philippine National Police Criminal Investigation and Detection Group (CIDG) put out a press release explaining how joint operatives from the CIDG and the United States Federal Bureau of Investigation (FBI) have busted a group of Filipino hackers whose operation is allegedly being financed by a Saudi-based terrorist group.”

This operation was in response to a complaint filed by AT&T about the hacking of AT&T customers PBXs.

“ATCCD chief, Police Senior Superintendent Gilbert Sosa said the ‘hackers in Manila were being used by the Zamirs terrorists group to hack the trunk-line (PBX) of different telecommunication companies including the AT&T. Revenues derived from the hacking activities of the Filipino-based hackers were diverted to the account of the terrorists, who paid the Filipino hackers on a commission basis via local banks.

Sosa said that FBI agents who have been investigating incessant hacking of telecommunication companies in the US and in the country since 1999 have uncovered paper trail of various bank transactions linking the local hackers to the Saudi-based cell whose activities include financing terrorist activities.”

AT&T has made it clear that it was not hit directly. Jan Rasmussen, a spokeswoman for AT&T, said the company wrote off some fraudulent charges that appeared on customer bills. She declined to elaborate or comment on the $2 million figure.

The Guardian article adds:

“Though the FBI declined to give official details of how the group took the money, one person familiar with the situation said that the hackers broke into the phone systems of some AT&T customers and made calls to international premium-rate services whose payments would be diverted.

Such scams are relatively common, often involving bogus  premium-service  phone lines set up across Eastern Europe, Africa and Asia. Fraudsters make calls to the numbers from hacked business phone systems or mobile phones, then collect their cash and move on before the activity is identified. Telecommunications carriers often end up footing the bill for the charges.”

Now this is a long way from Captain Crunch and the original phone phreaks, and it is way beyond what Steve Jobs and Steve Wozniak did in using blue boxes to steal long-distance calls. In those cases it was the thrill of the geek being able to break the system.

But in hindsight, the progression from teens and college students playing for the thrill of it, to organized crime using calling cards or breaking into PBXs for premium numbers or pass-through fraud, to terrorists doing the same, is an easy progression to follow.

The lessons are easy to see no one can protect you if you do not take proactive action. Just like you are not protected from computer infections if you do not install anti-virus, if you do not protect your PBX, you can be exposed to millions of dollars in fraud and you could be helping terrorists. AT&T could not protect its customers even once it identified the fraud.

Eric Klein is vice president of sales and marketing at Humbug Telecom Labs . He has more than 20 years of experience in the telecom industry. In addition to his experience with MCI Communications (now part of Verizon) and Cellcom, he has served as a grant reviewer for the U.S. Department of Commerce Broadband Initiatives (BIP) Program and Broadband Technology Opportunities Program (BTOP).