find the latest legal job
Corporate Counsel and Company Secretary
Category: Generalists - In House | Location: Newcastle, Maitland & Hunter NSW
· Highly-respected, innovative and entrepreneurial Not-for-Profit · Competency based Board
View details
Chief Counsel and Company Secretary
Category: Generalists - In House | Location: Newcastle, Maitland & Hunter NSW
· Dynamic, high growth organisation · ASX listed market leader
View details
In-house Projects Lawyer | Renewables / Solar | 2-5 Years PQE
Category: Generalists - In House | Location: All Australia
· Help design the future · NASDAQ Listed
View details
Insurance Lawyer (3-5 PAE)
Category: Insurance and Superannuation Law | Location: Brisbane CBD & Inner Suburbs Brisbane QLD
· Dynamic organisation ·
View details
Legal Counsel
Category: Corporate and Commercial Law | Location: North Sydney NSW 2060
· 18 month fixed term contract · 3-5 years PQE with TMT exposure
View details
Law firms join ‘phreaked’ out list

Law firms join ‘phreaked’ out list

AT LEAST one of Australia’s top national law firms is among the growing list of organisations falling victim to a form of telecom hacking, which has cost some companies up to $1.7 million in a…

AT LEAST one of Australia’s top national law firms is among the growing list of organisations falling victim to a form of telecom hacking, which has cost some companies up to $1.7 million in a single attack. The threat, however, is neither new nor particularly difficult to prevent.

‘Phreaking’, as the crime is known, involves gaining access to an organisation’s telephone system and using it to make calls, charge phone cards or commit other forms of larceny.

Media reports of companies falling victim to this crime in Australia date back to 1992 and beyond, but it is the wholesale absence of such reports that has allowed the crime to go largely unnoticed and unchecked, so much so that there could be as many as 50 such attacks every week in Australia.

According to the US-based Communications Fraud Control Association, annual worldwide telecom fraud losses are believed to be in the range of US$35 to US$40 ($48 to $55) billion.

As with most cyber crimes, there is a huge reticence in corporate Australia to report such incidents as the reputation risk attached to admitting inadequate security is considered more important. Therefore, because so few organisationsadmit they have fallen victim to the crime, as far as the rest of corporate Australia is concerned it is not a problem.

This was exactly the tack the prominent national law firm took when it was stung for around $50,000 over the course of one weekend. According to its IT manager, who spoke with Lawyers Weekly on the condition of anonymity, the law firm’s executive decided not only to pay the phone bill, but to keep the security breach from the broader partnership.

In this incident, the law firm’s facility management team was informed on a Monday morning by Telstra that there had been a huge spike in their phoneline usage — mainly ISD calls to Hong Kong. Its Private Automatic Branch eXchange (PABX) system had been hacked via phone. “A classic phreak,” the IT manger said. The phreakers then opened up about a 50-line open circuit and proceeded to run up a bill of around $50,000 over the weekend.

Lawyers Weekly has learned that in another incident, a small regional law firm left on the modem that its PABX maintainer used to access the system without password protection, and it was completely reconfigured by a hacker to forward other calls.

For the few companies that have gone on the record, the losses are frightening. Perpetual Trustees was left with a $600,000 phone bill racked up between 31 October and 15 November 2000. On one day alone, the company was stung to the tune of $80,000 — the result of 5,000 illegal calls.

Among the most recently reported incidents was one involving a private hospital in Canberra, which had its PABX system hijacked on 22 March 2005. In the following 24 hours, John James Hospital had between $4,000 and $5,000 worth of international calls charged against its account.

In another incident, Australia importing business Plastic Plumbing Supplies was stung for an undisclosed amount exceeding $500,000 over a three-month period with all of the illegal calls being made when the office was empty overnight. Commercial manager for the business Peter Krohn told Lawyers Weekly that while he had reached a settlement with his telecommunications provider, which forbade him from outlining the specifics of the settlement, the experience had left him bitter and his business had suffered a very substantial loss. “It was akin to having a very large bad debt,” he said.

Telstra has admitted that up to 20 hacks are perpetrated against its clients every month. Add to that the legion of companies no longer with the soon-to-be fully privatised national carrier and the number could easily double.

Yet a spokesperson for ACT Policing told Lawyers Weekly he was unaware of any more cases being reported to that police force since. In 2004 there were only two reported cases in the ACT. With more than 200 such attacks every year reported to Telstra alone, it is clear that companies are electing to take the hit.

Australian High Tech Crime Centre director, Federal Agent Kevin Zuccato, says it is hard to put a figure on the impact of hacking, but there is no doubt criminals are becoming more astute.

One man who is carving a living out of phreaking is David Stevens. Not by committing crime, but by helping companies avoid being the next victim. His consultancy, Telecom Security, specialises in hacking into companies’ PABX and voicemail systems, then putting in place the necessary security systems to ensure the company is phreaking safe.

Calling his company’s services an audit, Stevens says that his percentile success rate of being able to hijack a company’s phone system is in the very high nineties. Worse news still, is that having secured a company’s system, often within 12 months he’s able to get back into a company’s phone system against his own security measures.

Like this story? Read more:

QLS condemns actions of disgraced lawyer as ‘stain on the profession’

NSW proposes big justice reforms to target risk of reoffending

The legal budget breakdown 2017

Law firms join ‘phreaked’ out list
lawyersweekly logo
Promoted content
Recommended by Spike Native Network
more from lawyers weekly
LCA president Fiona McLeod SC
07:05
Where social fault lines meet the justice gap in Aus
After just returning from a tour of the Northern Territory, LCA president Fiona McLeod SC speaks wit...
Marriage equality flag
07:00
ALHR backs High Court challenge to marriage equality postal vote
Australian Lawyers for Human Rights (ALHR) has voiced its support for a constitutional challenge to ...
Give advice
07:00
A-G issues advice on judiciary’s public presence
Commonwealth Attorney-General George Brandis QC has offered his advice on the public presence of jud...
APPOINTMENTS
Allens managing partner Richard Spurio, image courtesy Allens' website
Jun 21 2017
Promo season at Allens
A group of lawyers at Allens have received promotions across its PNG and Australian offices. ...
May 11 2017
Partner exits for in-house role
A Victorian lawyer has left the partnership of a national firm to start a new gig with state governm...
Esteban Gomez
May 11 2017
National firm recruits ‘major asset’
A national law firm has announced it has appointed a new corporate partner who brings over 15 years'...
opinion
Nicole Rich
May 16 2017
Access to justice for young transgender Australians
Reform is looming for the process that young transgender Australians and their families must current...
Geoff Roberson
May 11 2017
The lighter side of the law: when law and comedy collide
On the face of it, there doesn’t seem to be much that is amusing about the law, writes Geoff Rober...
Help
May 10 2017
Advocate’s immunity – without fear or without favour but not both
On 29 March 2017, the High Court handed down its decision in David Kendirjian v Eugene Lepore & ...