INTRODUCTION TO CYBERCRIME

RESEARCH PROJECT 2

THE PHONEMASTERS CASE

CSFI-202 Spring 2010 “The Cybercrime Hall of Fame” by Asad Syed
The Phonemasters Case
The first hi-tech case for FBI.
It took 5 years to successful prosecute the
Perpetrators.
 1. Case Timeline
3
 Between 1994 and 1995 a group of
11 individuals started breaking into
telephone calling card codes.
 This activity later got expanded
because the individuals soon
realized they were making lots of
money.
 This group illegally hacked into the
networks of
 Telephone companies,
 Credit reporting agencies,
 National power grids,
 Air-traffic-control systems, and
 The White House.
 Conspiring to break into the FBI’s
own National Crime Information
Center.
 2. Actors Intro
4
 There were 11 members in this gang. Only 3 got  This group will impersonate a systems
caught and their names are: administrator by calling in and notify the
 Corey Lindsly,
employee that they were performing
 Calvin Cantrell, and
network checkups, and ask them to log off
 John Bosanac .
and then log back on.
 These hackers made the attacks in a number of
different ways:
 This gave hackers all the real userID and
passwords that were typed by the real
 At the beginning, the hackers utilized ring tones and
electronic boxes to bypass and circumvent toll charges. system administrators because of the key
 Later on, they did dumpster diving in the phone
loggers that were installed on those
company’s to seal telephone systems manuals and computer systems.
other critical documents.  And with the administrator userID and
 This allowed the hackers to present themselves as a
telephone company insider and gain control of they password this hackers had complete control
telephone computer systems . of the telephone computer systems.
 3. What did the actor do (The Attack)
- Vulnerability that got exploited…
5
 Social engineering was at play during  Physical records and documents
this attack.
 The companies whose databases were were not adequately safeguarded
burglarized and phone numbers re- internally or externally, when
routed did not have sufficient security
controls in place either technical, disposed by the telephone
procedural or social. company’s during those days.
 In addition, the company’s had no
quantified procedure in place to  Electronic controls were not in
measure illegally re-routed telephone place to avoid ring tone
calls and did not know the extent of the
intrusions. duplication, hence the piracy of
 As a result, the phone hackers were able to
successfully circumvent the company merger the ringtones was easily
security measures in place over a long period of compromised by the hackers.
time.
 4. Security Control that could have averted the
attack
6
 The following controls and
countermeasures could have been
implemented by the company’s
who were subjected to this attack.
 Securing dumpster areas and
shredding all important documents
and manuals.
 Implementing an educational
program to properly train all
personnel in security procedures
and social engineering techniques.
 Investing in the latest electronic
devices and software to monitor
intrusions into [telephone]
network systems.
 Create a holistic approach to
blend and integrate, cyber
security, physical security, and
personnel security at the
operational and organizational
levels.
 5. Attack Impact/Damage…
7
 This cybercrime prosecution was important  In September 16, 1999, the three individuals
to the FBI because it was the first time that were convicted of theft, possession of
both a digital number recorder and a data- unauthorized access devices, and
intercept device was used to collect data. unauthorized access to a federal computer.
The names of those individuals were:
 Originally the FBI had authority to use only a  Corey Lindsly, the mastermind was sentenced for
number recorder, but they needed to see 41 months,
what the data packets contained, hence the  Calvin Cantrell for 24 months, and
request to the DOJ for approval of a data  John Bosanac for 18 months.
interceptor to read packets which then had
to be invented on the spot.
 With this equipment the FBI was able to
collect substantial evidence relating to the
illegal activities of the phonemaster group.
 5. Attack Impact/Damage
8
 The phonemasters gang accounted for about
$1.85 million in business losses for the
companies attacked according to FBI sources.
 Some of the companies would not cooperate
with the FBI or believe them when notified
that hackers had intruded into their systems
which made the investigation more difficult
and time consuming.
 In addition, while the FBI investigation cost
was not quantified, that cost had to be
enormous considering the time and personnel
involved in the case.
 Other indirect costs: There were other costs
not monetary in nature such as
 The time that one of the hackers received a
speeding ticket and then illegally programmed
the police department’s telephone number to
appear on thousands of pagers across the
country
 And when the paged individuals responded back
the police department’s phone system crashed.
 6. Motivation behind the attack
9
 International calling card codes were
sold for $2 each.
 Personal credit reports were sold for
$75 each.
 State motor-vehicle records for were
sold for $25 each.
 Records from the FBI’s Crime
Information Center were sold for $100
each, and
 The address or phone number of any
celebrity were sold for $500 each.
 These hackers enjoyed harassing the FBI.
 These hackers eavesdropped on FBI taps and
informed suspected drug dealers that their lines were
tapped by the FBI.
 Some FBI Phone numbers were sold to phone-sex
chat lines in Germany and the FBI was billed for
$200,000 for this mischief.
 As the hackers progressed in their exploits without
getting caught, they began to profit from the illegal
activities by selling stolen data to private
investigators and by information brokers and the
Sicilian Mafia about the FBI plans on crackdowns.
 Out of the group of eleven hackers only three were
captured in 1995 and were successfully convicted.
 8. Conclusion
10
 This cybercrime started out with the intent of having fun and making a few telephone calls
without payment of coins from public phones and from home phone making calls that would not
send the toll record on ones telephone bill.
 When the telephone and other companies paid little attention to this minor thievery, the hackers
got carried away by the thrill of getting something for nothing and expanded their exploits to
encompass fraud and unauthorized illegal entry into corporate and government networks.
 It should be noted that it was not any of the defrauded companies that requested the FBI to
investigate the phonemasters, but a private investigator was approached by one of the hackers
to sell burglarized data. That is how the investigation got started.
 This cybercrime happened because of the lack of ability of the leadership of those companies to
visualize that people can via social engineering take control of their computer system and make
money out of it.
 9. References
11
 http://massis.lcs.mit.edu/archives/security-fraud/phonemasters-fraud
 http://attrition.org/~jericho/works/security/phonemasters.html
 http://www.innotechsan.com/files/PDF/Presentations/Innotech_-_Accudata_PCI_Presentation.pdf
 http://www.pbs.org/wgbh/pages/frontline/shows/hackers/whoare/notable.html
 http://wweek.com/html/crime011200.html
 http://www.justice.gov/criminal/cybercrime/phonmast.htm

 The complete history of Hacking of 1990s

 http://www.512kbps.com/2007/05/04/the-complete-history-of-hacking-4/
 http://www.usatoday.com/money/industries/retail/2007-11-30-tjx-visa-breach-settlement_N.htm
 FYI Slide: Widescreen Test Pattern (16:9)
Please note, this is Widescreen ppt

Aspect Ratio
Test
(Should appear circular)

4x3 (Normal ppt)

16x9 (This ppt)