Bell Canada in its infinite wisdom saw fit to reduce the bills of some of its customers that had been hacked. The hack was a breach of the phone mail systems that would allow an attacker to access an use the voice mail as a relay to call, well, anywhere on the victim’s dime.

Or in the case of one law firm $207,000.

From CBC:

The law firm isn’t alone with the billing problem, but Bell Canada spokeswoman Julie Smithers calls the situation “really rare” and a “very old scam” that affects primarily business customers, although she said some residential consumers have been caught.

Here’s how Bell thinks it works: an automated dialer will target a specific phone number, and wait for the voicemail to respond. Then, the computer will go through standard voicemail passwords.

Once it finds the correct password — often a predictable number combination — the automated dialer will choose an option on the voicemail that allows it to make long-distance phone calls.

The part of this story that seems unclear is that were these customers managed by Bell? If so, does that not point to an abject failure in their own password management as opposed to the customers?

But she added “it is extremely important and it is the customer’s responsibility to put passwords in place that are difficult to guess.”

Hmm. But,

Bell Canada spokeswoman Julie Smithers calls the situation “really rare” and a “very old scam” that affects primarily business customers.

Business customers. Like the one’s Bell manages? It’s not like Bell ever makes mistakes. How I loath the spin.

So, whatever happened to the dinosaurs again?

Article Link

(thx to Andrew Hay for pointing me to this article)

Comments

  1. Fascinating. Absolutely fascinating. There was a flurry of hacks of PBX’s month or so back, and lots of stories of customers getting billed for huge sums of money.

    What’s interesting is that they’re saying that the *think* this is how the scam happened… really, think? How about a $207k investigation? Hell, I can’t spend $100 more than my “regular pattern” on my credit card but someone can get a $207k bill one month for phone services?

    CBC r0xorz.

  2. Heck, the total dollars flowing through Bell back into the hackers pocket is over $1 million when you add up all the total charges from the victims. Bell, of course is reluctant to play ball because they are making profits off this as well as everyone else down the line. More on my blog: http://stopphonehacking.blogspot.com/

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.