A hacker broke into the telephone system for FEMA, part of the Dept. of Homeland Security, and made tens of thousands of dollars worth of phone calls to the middle east.
The hacker made more than 400 calls on a Federal Emergency Management Agency voicemail system in Emmitsburg, Md., on Saturday and Sunday, according to FEMA spokesman Tom Olshanski.A phone system in the Dept. of Homeland Security was infiltrated by tricks that date back to the early 1990s.
[...]
This type of hacking is very low-tech and "old school," said John Jackson, a St. Louis-based security consultant. It was popular 10 to 15 years ago. Telecommunications security administrators now know to configure security settings, such as having individual users create unique passwords and not continue to use the password assigned to users in the initial setup.
"In this case it's sort of embarrassing that it happened to FEMA themselves — FEMA being a child of DHS, with calls going to the Middle East," Johnson said.
Afghanistan, Saudi Arabia, India and Yemen are among the countries calls were made to, Olshanski said. Most of the calls were about three minutes long, but some were as long as 10 minutes.
Sprint caught the fraud over the weekend and halted all outgoing long-distance calls from FEMA's National Emergency Training Center in Emmitsburg.
And DHS wasn't even the one that caught it. It was uncovered by the phone company.
Heckuva job.
