Emotive terms such as “cyber attack” and “cyber-terrorism” are always certain to generate plenty of media excitement, with science-fiction visions of malevolent hackers creating vicious computer viruses to rampage through cyberspace, doing unseen and untold damage to the infrastructures that support our way of life. However, while the reality of IT security is far more mundane than such science-fiction ideas, the threat to a network from malicious attack remains real and the consequences just as frightening. Every business is dependent upon information technology, which brings with it inevitable vulnerability.

Dark rumours of underground hacker networks and conferences give rise to the belief in a vast and growing number of aggressive, deliberately destructive hackers. Significantly, the methods these hackers adopt to gain unauthorised access to corporate resources are now also extending to embrace telecommunications systems.

The terrorist threat

The hacker phenomenon has a serious and far-reaching influence. Were communications on two continents ever disrupted by moving telecommunications satellites? Have computing resources belonging to government agencies ever been hacked? Have environmental controls in a shopping centre ever been altered via modem? The answer to all of these questions is yes. But, unlike other crime groups who receive high profile coverage in the media, the individuals responsible for these incidents are rarely caught.

As if that is not enough, unauthorised use of telecommunications facilities is the preferred methodology for people who sympathise or support terrorist organisations, and want their activities to remain invisible.


The French authorities studying the Madrid train bombings in March 2004, for example, are investigating whether the bombers hacked into the telephone exchange of a bank near Paris as they were planning their attack. The telephone calls involved were made by phreaking - a practice similar to hacking that bypasses the charging system.

Combating telephony fraud

The PBX is among the most susceptible areas to telecommunications fraud. Typical methods of fraudulent abuse involve the misuse of common PBX functions such as DISA (Direct Inward System Access), looping, call forwarding, voicemail and auto attendant features.

Another area popular for frequent fraudulent exploitation is the maintenance port of PBXs. Hackers often use the dial-up modem attached to such ports to assist in remote maintenance activities. When a PBX is linked to an organisation’s IT network – as is increasingly the case with call centres, for instance – a poorly protected maintenance port can offer hackers an open and undefended “back door” into such critical assets as customer databases and business applications.

When things go wrong