Commentary
FEMA Phones Get Hacked
If you are going to hack a phone system, do you really want to hack DHS? That's what happened this weekend when someone made hundreds of illegal calls from a Federal Emergency Management Agency (FEMA) Private Branch Exchange (PBX) to the Middle East and Asia. It appears that it was the usual culprits of poor change control and misconfigurations that left FEMA's digital doors open.
All of this is according to an Associated Press story I read on MSNBC.com last evening. According to the AP's Eileen Sullivan and Ted Bridis, the attacker placed more than 400 calls on the hacked FEMA phone system to places such as Afghanistan, Saudi Arabia, India, and Yemen.
Here's the kicker, from an IT security perspective, from the AP story quoting a FEMA spokesperson:
FEMA's chief information officer is investigating who hacked into the system and where exactly the calls were placed to. At this point it appears a "hole" was left open by the contractor when the voice mail system was being upgraded, Olshanski said. Olshanski did not know who the contractor was or what hole specifically was left open, but he assured the hole has since been closed.
This illustrates an excellent, yet often overlooked, point. Despite all of the attention we pay to zero-day vulnerabilities and exotic exploits and attacks, many times it's simply poor change control procedures, lack of urgency to patch, or carelessness that gets an organization bitten.
Fortunately, in this case, it appears to have been only $12,000 in illegal calls to the Middle East and Asia, and some egg on the face of FEMA and the DHS.












