Phreaking – Don’t be a victim

Phishing, hacking, Phreaking – however you describe it; cyber crime is on the rise and costs UK businesses billions of pounds each year. So what is phreaking? and what precautions can your school take to protect themselves from falling victim to it. Eurolink Connect explains the potential commercial impact of “Phreaking” and how you can prevent it.

What is Phreaking: 

“Phreaking” is the process of hacking into a telecommunications system, in order to obtain free calls or contact high-cost numbers. It involves illegally hacking a telephone network and using this access to make long-distance or high-cost calls via your telephone lines.

Typically, it will most affect businesses such as Schools, who have long periods of absence; however all businesses are at some risk during weekends, or long periods of absence such as bank holidays.

 

Who is at risk? 

Originally started in the 1960s, phreaking was traditionally a challenging process which involved hacking the signal used by a phone network. The dawn of the internet, broadband, VoIP phones and new technology means that Phreaking is now more commonly associated with computer hacking and is simpler and quicker to do.

The process of phreaking is relatively simple with the right circumstances, and can be completed in a matter of minutes. This means any business is technically at risk of Phreaking, if they haven’t taken the right precautions. The ultimate aim of the hacker is usually free calls, so your risk is increased if your business has long absences, is closed at weekends, has multiple phone lines, or uses part-time staff. Particularly favourable targets are Schools, Universities and colleges, whose long holiday periods reduce the risk of immediate detection, although they are not exclusive targets.

 

What are the outcomes? 

The single biggest impact for a business is the cost; once hacked a telephone line can be used to make calls one after another, to high-charge numbers. For example, long-distance calls are systematically called, which can cost a business thousands of pounds in just a few days. Once the calls have been made, you have no formal recourse, so you are liable for the charges, no matter what the cost. In many cases, the devastating impact is bankruptcy.

 

How does it happen? 

“Phreaking” or telephone hacking will most commonly (but not exclusively) occur if you have VoIP phone lines as these are run using computers. VoIP offers great flexibility to be able to move or transfer phone lines, lower call costs etc., but they are also associated with an online account which can be hacked. The account is hacked, authenticated and then used to make ongoing calls.

 

How can you stop it? 

No process is 100% failsafe, but there are four main prevention methods you can use:

Choose a strong password on your telecoms accounts. Every account will come with a default password and this makes it extremely easy to hack. Change it to something which preferably includes numbers and letters (alphanumeric), upper and lower case. Also, change your voicemail passcode. To be extra secure, you should change passwords every 90 days.

Bar specific numbers; you have the opportunity to block calls to premium rate numbers and calls made abroad. What you can bar will depend on your business and what your needs are, however this will help prevent the effectiveness of hacking if they do manage to break the system

Ask for or add a call reporting system; these enable you to set-up daily reports or alerts which will help you keep track of call volumes and spend, alerting you to unusual calling patterns. If you see any, you can then alert your telecoms provider if they haven’t already notified you.

Avoid ‘trunk-to-trunk calls’; trunk-to-trunk calls are usually used to support conferencing features and direct dial to voicemail services. If you have lines or extensions which don’t need this access, get your telecoms supplier to remove the option.

 

If possible, you should also ask your telecoms supplier about what options they can offer you. Services such as ‘fraud detection’ which automatically monitor normal call patterns can alert or even suspend telephone lines automatically if hacking is suspected. This may provide a small inconvenience to the business, but an hour spent investigating the issue could save you far more money in prevented call charges.

 

What to do if you are affected?

Unfortunately, the anonymity of the internet means that even if you know you are being hacked it is unlikely you or anyone else will be able to trace the perpetrators or bring them to justice. The best defence is prevention, however if you do believe you have been hacked, there are a few things to do:

Get your telecoms provider to temporarily suspend your account; this is particularly effective if the hackers are still using the lines, but it will give you space to change passwords, take stock etc

Make sure you change passwords into your accounts which will hopefully lock out the hackers. Hacking is all about speed and volume, so it is likely they will move on to other accounts rather than hacking again. There is unfortunately very little you can do and ultimately, you will still end up footing the bill. Your suppliers will also be affected, so they will be unable to offer you any support.