WA Police chase $70k VoIP fraud spree

Western Australia Police are investigating a case of IP telephony fraud which saw three Perth businesses faced with a combined bill exceeding some $70,000.

(WA Police image by Nachoman-au, CC BY-SA 3.0)

The WA Police technology crime investigation unit said that fraudulent international calls were made over the businesses' Voice over Internet Protocol (VoIP) networks after their networks were hacked.

WA Police Sergeant Graham Clifford said VoIP fraud has cost Perth businesses tens of thousands of dollars.

"Attacks usually occur over weekends in order to maximise the amount of time the breaches will go unnoticed," Clifford said. "By the time business owners return to the office on Monday or after a long weekend, the damage has already been done."

"International criminals will scan business phone systems around the world in order to identify vulnerabilities which will make them easier to access. Once access is gained, criminals will log thousands of international calls to premium numbers — which in many cases they own — making a huge profit."

He said that many Perth businesses have "extremely vulnerable" VoIP networks and use "only the most basic security in place such as factory default access pins or passwords".

According to the Police, it's difficult to identify and prosecute VoIP fraudsters.

Perth businesses have had an unlucky past with VoIP attacks. In early 2009, a hacker placed 11,000 calls over a Perth VoIP line costing over $120,000.

Last year, network companies said that clients had been racking up phone bills worth $100,000 because of unauthorised calls placed over compromised VoIP servers. Smaller attacks have netted criminals tens of thousands of dollars worth of calls.

Neural Networks managing director Richard Stephens, who has fought VoIP attacks, said that passwords and prefixes should be enforced so that they cannot be easily guessed. He recommended other methods to prevent or reduce damage from VoIP attacks including placing caps on the amount of calls customers can make over a period, preventing calls being made to countries not usually contacted, and implementing systems to detect anomalous behaviour.