December 2, 2011 archive

Dec 02

Unix Turns 40 – And IEEE Provides a Historical Look Back

Ieee spectrum

As the Unix operating system turns 40 this year, writer Warren Toomey published an excellent historical piece in this month’s IEEE spectrum:

The Strange Birth and Long Life of Unix: The classic operating system turns 40, and its progeny abound

I’ve been using Unix myself in various forms since the mid-1980’s. Much of my time was, of course, spent in the land of Linux… but even now I’m writing this post on an operating system that evolved out of that early Unix work (Mac OS X).

It is very hard to understate the role that Unix has played in our technology history… and this post provides some nice stories from those early days.

Well worth a read… (I say while stroking my beard that is now definitely grey… 🙂

Dec 02

Today’s VUC Call – Philippine Phone Phreaking Funding Terrorists

For those interested in telecommunications security, today's (Dec 2, 2011) VoIP Users Conference (VUC) call at 12 noon US Eastern will cover the recent arrests of 4 Philippine men who defrauded AT&T of close to $2 million and were employed by an alleged terrorist organization who was using the proceeds of the scam to fund their activities.

Eric Klein of Humbug Labs will be the guest on the VUC call discussing this and other fraud issues. It should be an interesting discussion.

You can join the live call via SIP, Skype or the regular old PSTN. There is also an IRC backchannel that gets heavy usage during the call. It will be recorded so you can always listen later.

If you found this post interesting or useful, please consider either:

Dec 02

Philippine Phone Phreakers Arrested After Funding Terrorists

CIDG

One of the big news items in telecom security this past week was the arrest in Manila of 4 men accused of defrauding AT&T of almost $2 million USD and then using those funds to finance a terrorist organization. The Philippine National Police issued a statement (annoyingly you have to scroll down to the “November 24, 2011″ entry) that explained the terrorist link:

Sosa said that Kwan and the other hackers in Manila were being used by the Zamir’s terrorists group to hack the trunk-line (PBX) of different telecommunication companies including the AT&T. Revenues derived from the hacking activities of the Filipino-based hackers were diverted to the account of the terrorists, who paid the Filipino hackers on a commission basis via local banks.

The joint operation between the Philippine Criminal Investigation and Detection Group (CIDG) and the US FBI is per the statement a result of a long-standing effort within the FBI to combat this kind of fraud.

It’s not clear yet exactly how the fraud was perpetrated and whether or not there was any “VoIP” involved. Ars Technica, in a lengthy piece, “How Filipino phreakers turned PBX systems into cash machines for terrorists, indicates that the attackers used traditional attacks against PBXs to compromise voicemail systems that allow outbound calling (DISA) and then passed that list of compromised PBXs along to others who sold this access as a way to cheaply call into premium rate services (similar to 900-numbers in the US).

There’s also a note in the Ars Technica article that the attackers used good old default passwords to get into many of these PBXs. :-( Assuming the prosecutions move forward we will hopefully learn more as the cases go to trial.

Regardless of the precise mechanism, it’s a great reminder that people need to check the traditional security mechanisms of their PBX systems, and REMOVE/CHANGE default passwords!

If you are interested in discussing this case, it will be the topic of today’s (Dec 2, 2011) Voip Users Conference (VUC) call at 12 noon US Eastern. All are welcome to join – or to listen to the conversation later once the recording is posted.