UnauthorizedModems_2
Protecting Data Networks by
Securing Telephone Networks
Introduction
He called himself jester and using an old 386 desktop computer and a modem
he shut down the Worcester airport control towers phone service for more than
six hours in March of 1997. [8] He also disrupted telephone service for over 600
customers in Rutland, Mass. The airport and community hadnt specifically been
targeted; he merely used a simple program known as a war dialer to randomly
dial phone numbers in his local area searching for numbers connected to a
computer system or network. This hack involved the local telephone
companys loop carrier system. A loop carrier system allows multiple lines to be
connected to an optical fiber cable. This particular loop carrier was vulnerable to
an attack because it had been left accessible by NYNEX phone company
employees wanting the capability to repair systems remotely. When jester
(who was a young teenage hacker) disabled the loop carrier system he
effectively cut off all telephone lines the system serviced.
The telephone company is not the only target of hackers. Any computer
system connected to the Internet or accessible via dial-in modem is a potential
target today. Over the last few years the Internet has extended beyond its
original scientific community to anybody who can point and click. According
to the FBIs Ken Geide, a senior manager at the National Infrastructure
Protection Center, this dramatically increases the possibility for exploitation of
the Internet. Geide further stated:
The number and types of bad actors has increased, the number of bad
events is increasing, the access points for a range of bad acts whether
it be fraud or denial of service are all increasing. It would be fair to
say that the environment is rich with opportunity to perpetrate a host of
crimes.
One of the challenges for businesses today is to realize that their
intellectual property, and the systems that store and communicate that
property, are at risk. To manage that risk, it is real important for them
to have policies and plans in place, along with the proper education for
employees. [12]