FEMA phone system hacked


Over the weekend, a hacker broke into FEMA’s new PBX voicemail system, made over 400 overseas phone calls to Asia and the Middle East, and ran up a $12,000 bill. The low-tech hack took advantage of a “hole” that was not covered when a contractor upgraded the voicemail system. FEMA is currently conducting its own internal investigation, but FEMA spokesman [Tom Olshanski] did not have any information about the contractor responsible or what specific hole was the cause of the breach. Ironically, Homeland Security, of which FEMA is a part, had issued a warning in 2003 about the very same vulnerability.

[photo: silas216]

Comments

  1. dandin1 says:

    Phreakers in the modern age!

  2. rivetgeek says:

    $20 says that the hole = default password.

  3. cmholm says:

    I’m sure the name of the contractor will come out in due course. But, for those that want to speed that process, a bit of web search on FEMA, PBX, voicemail, and either the “Emergency Management Institute”, “National Emergency Training Center”, the “U.S. Fire Administration”, “Chenega Federal Systems” (a contractor), or anything else at 16825 south seton avenue, emmitsburg, md 21727 should provide some leads.

  4. mash says:

    does anybody know exactly what “hole” they’re alluding to? could it be the tech didn’t change the default password after the upgrade?

  5. blizzarddemon says:

    A better question would be, how did he manage to rack up that big a bill? It would need an average of about $30 per call…

  6. BigD145 says:

    Bush was given fair and advanced warning about Osama’s people flying a hijacked plane into a building on US soil. If anything, the FAA cut back on security. Gov’t laptops go missing every month. Voting machines fail to record the votes of citizens. FEMA is in the shitter. Yeah. Vulnerabilities have not been addressed.

  7. hazrd says:

    And I thought the phreaking age had long since passed.

  8. mash says:

    who knows what the truth is. likely much worse than reported. irs misplaced 500 laptops. was probably more. our tax returns on CD are probably being sold by street vendors in tashkent

  9. r1cebrner says:

    that’s a callmaster iv. to enable mute press select mute *87 1 to enable then mute again. pull out the head seat first

  10. static says:

    Phreaking, hacking, whatever one calls it, this is a stupid activity to engage in this new era. The era of be afraid, VERY afraid, the industrial military complex depends on it. No doubt they know who the contractor was and what hole was plugged. That information is only for those who need to know. The people, in the government by the people for the people, aren’t those who need to know.

  11. So at the average price of $30 per long distance call, this can go along with those $640 toilet seats and $400 hammers. Your tax dollars at work!

    That’s also 400 calls over 48 or so hours, meaning that if the one guy avoided sleep, he’d have to make over 8 calls an hour.

    I think he had help. And why can’t The Canadian Press do some basic investigative reporting/math?

  12. Jim says:

    I am going with the default password idea as well.

  13. 3R1C says:

    On older phone systems you could call a voice mail box, wait for the announcement to play, wait until the system was done recording your message, then you could transfer out and make calls.

  14. KaOS says:

    I remember those days of analog cellphones and voicemail boxes with default passwords. At the time, cell phones cost over $1,000. Remember writing basic code to tumble through a calling card template or credit card. Remember threatening people by using above method to call local operator to place a call anywhere. Nothing they could do then.

  15. know Orange says:

    Thanks a lot for sharing this useful post!
    Here, I found a youtube video about xbox live hacks, that I would like to share- xbox live Hacks.
    but seriously, great post and thanks a lot !!
    I look ahead to your next article !
    ;-)
