find the latest legal job
Corporate/Commercial Lawyers (2-5 years PAE)
Category: Corporate and Commercial Law | Location: Adelaide SA 5000
· Specialist commercial law firm · Long-term career progression
View details
Graduate Lawyer / Up to 1.5 yr PAE Lawyer
Category: Personal Injury Law | Location: Brisbane CBD & Inner Suburbs Brisbane QLD
· Mentoring Opportunity in Regional QLD · Personal Injury Law
View details
Corporate and Commercial Partner
Category: Corporate and Commercial Law | Location: Adelaide SA 5000
· Full time · Join a leading Adelaide commercial law firm
View details
In-house Legal Counsel & Commercial Lawyers
Category: Corporate and Commercial Law | Location: All Sydney NSW
· Providing lawyers with flexibility and control over when they work, how they work and who they work for.
View details
In-house Legal Counsel & Commercial Lawyers
Category: Corporate and Commercial Law | Location: All Melbourne VIC
· Providing lawyers with flexibility and control over when they work, how they work and who they work for.
View details
Law firms join ‘phreaked’ out list

Law firms join ‘phreaked’ out list

AT LEAST one of Australia’s top national law firms is among the growing list of organisations falling victim to a form of telecom hacking, which has cost some companies up to $1.7 million in a…

AT LEAST one of Australia’s top national law firms is among the growing list of organisations falling victim to a form of telecom hacking, which has cost some companies up to $1.7 million in a single attack. The threat, however, is neither new nor particularly difficult to prevent.

‘Phreaking’, as the crime is known, involves gaining access to an organisation’s telephone system and using it to make calls, charge phone cards or commit other forms of larceny.

Media reports of companies falling victim to this crime in Australia date back to 1992 and beyond, but it is the wholesale absence of such reports that has allowed the crime to go largely unnoticed and unchecked, so much so that there could be as many as 50 such attacks every week in Australia.

According to the US-based Communications Fraud Control Association, annual worldwide telecom fraud losses are believed to be in the range of US$35 to US$40 ($48 to $55) billion.

As with most cyber crimes, there is a huge reticence in corporate Australia to report such incidents as the reputation risk attached to admitting inadequate security is considered more important. Therefore, because so few organisationsadmit they have fallen victim to the crime, as far as the rest of corporate Australia is concerned it is not a problem.

This was exactly the tack the prominent national law firm took when it was stung for around $50,000 over the course of one weekend. According to its IT manager, who spoke with Lawyers Weekly on the condition of anonymity, the law firm’s executive decided not only to pay the phone bill, but to keep the security breach from the broader partnership.

In this incident, the law firm’s facility management team was informed on a Monday morning by Telstra that there had been a huge spike in their phoneline usage — mainly ISD calls to Hong Kong. Its Private Automatic Branch eXchange (PABX) system had been hacked via phone. “A classic phreak,” the IT manger said. The phreakers then opened up about a 50-line open circuit and proceeded to run up a bill of around $50,000 over the weekend.

Lawyers Weekly has learned that in another incident, a small regional law firm left on the modem that its PABX maintainer used to access the system without password protection, and it was completely reconfigured by a hacker to forward other calls.

For the few companies that have gone on the record, the losses are frightening. Perpetual Trustees was left with a $600,000 phone bill racked up between 31 October and 15 November 2000. On one day alone, the company was stung to the tune of $80,000 — the result of 5,000 illegal calls.

Among the most recently reported incidents was one involving a private hospital in Canberra, which had its PABX system hijacked on 22 March 2005. In the following 24 hours, John James Hospital had between $4,000 and $5,000 worth of international calls charged against its account.

In another incident, Australia importing business Plastic Plumbing Supplies was stung for an undisclosed amount exceeding $500,000 over a three-month period with all of the illegal calls being made when the office was empty overnight. Commercial manager for the business Peter Krohn told Lawyers Weekly that while he had reached a settlement with his telecommunications provider, which forbade him from outlining the specifics of the settlement, the experience had left him bitter and his business had suffered a very substantial loss. “It was akin to having a very large bad debt,” he said.

Telstra has admitted that up to 20 hacks are perpetrated against its clients every month. Add to that the legion of companies no longer with the soon-to-be fully privatised national carrier and the number could easily double.

Yet a spokesperson for ACT Policing told Lawyers Weekly he was unaware of any more cases being reported to that police force since. In 2004 there were only two reported cases in the ACT. With more than 200 such attacks every year reported to Telstra alone, it is clear that companies are electing to take the hit.

Australian High Tech Crime Centre director, Federal Agent Kevin Zuccato, says it is hard to put a figure on the impact of hacking, but there is no doubt criminals are becoming more astute.

One man who is carving a living out of phreaking is David Stevens. Not by committing crime, but by helping companies avoid being the next victim. His consultancy, Telecom Security, specialises in hacking into companies’ PABX and voicemail systems, then putting in place the necessary security systems to ensure the company is phreaking safe.

Calling his company’s services an audit, Stevens says that his percentile success rate of being able to hijack a company’s phone system is in the very high nineties. Worse news still, is that having secured a company’s system, often within 12 months he’s able to get back into a company’s phone system against his own security measures.

Like this story? Read more:

Book commemorates diamond milestone for WA law society

QLS condemns actions of disgraced lawyer as ‘stain on the profession’

NSW proposes big justice reforms to target risk of reoffending

Law firms join ‘phreaked’ out list
lawyersweekly logo
Promoted content
Recommended by Spike Native Network
more from lawyers weekly
90 years Western Australia Law Society
06:03
Book commemorates diamond milestone for WA law society
Ninety years of Western Australia’s legal profession has been recorded in a special publication ce...
Dec 18 2017
Summer in the city
Across Australia, a number of law students have kicked off their commercial law aspirations with the...
microscope
Dec 18 2017
‘Exorbitant legal fees’ under government microscope
With the growing number of class action proceedings in Australia, the government is looking at how ...
APPOINTMENTS
Allens managing partner Richard Spurio, image courtesy Allens' website
Jun 21 2017
Promo season at Allens
A group of lawyers at Allens have received promotions across its PNG and Australian offices. ...
May 11 2017
Partner exits for in-house role
A Victorian lawyer has left the partnership of a national firm to start a new gig with state governm...
Esteban Gomez
May 11 2017
National firm recruits ‘major asset’
A national law firm has announced it has appointed a new corporate partner who brings over 15 years'...
opinion
Nicole Rich
May 16 2017
Access to justice for young transgender Australians
Reform is looming for the process that young transgender Australians and their families must current...
Geoff Roberson
May 11 2017
The lighter side of the law: when law and comedy collide
On the face of it, there doesn’t seem to be much that is amusing about the law, writes Geoff Rober...
Help
May 10 2017
Advocate’s immunity – without fear or without favour but not both
On 29 March 2017, the High Court handed down its decision in David Kendirjian v Eugene Lepore & ...