Articles written by Charles Patterson.

Telephone fraud and PBX hacking revisited… “will you accept the charges?”

A recent article in the NY Times caught the attention of some of our clients. It documented an architectural firm in Norcross, Georgia, that had their phone system hacked, resulting in a phone bill for $166,000 over just one weekend.

In past ExecSecurity posts we have discussed a few methods used by hackers for compromising phone systems. One aspect of the threat is actual eavesdropping and theft of information. That type of threat can be considered targeted attacks, where someone is attempting to steal information specifically from you or your company. But as mentioned in the Times article, hackers with fraud and financial gain as their motivation are hitting random targets throughout the US and the world. In such cases, the hackers do not care whose system they attack, and they will try thousands of systems looking for one that is vulnerable.

silhouette on phone

The Times article […]

2016-12-16T20:23:47-05:00October 24th, 2014|
Read More

Who’s in your conference call?

Electronic communications has made meeting up with others via conference calls and web conferencing quite convenient and very commonplace today.  It is important, though, to be aware of the security concerns and vulnerabilities for all types of conference services.

During an inspection we performed at a financial services company we found that their brand new boardroom conferencing system had been left with “auto-answer” enabled. This allowed anyone to call in and listen to everything taking place in the room, not only from any phone extension on the property, but also from any outside phone line. A caller just needed to know the “DID” or direct inward dial number (which happened to be the room’s extension number with the common prefix).

That incident involved the hardware based conference system built into the corporate boardroom. More common, though, and used by all levels of employees, is conference calling using either a corporate conference number (conference bridge […]

2016-12-16T20:23:47-05:00October 13th, 2014|
Read More

Voicemail hacks still prevalent, causing fraudulent phone charges to small businesses.

There are a number of reasons to try to keep your voicemail secure. The most significant may be to prevent theft of information. Celebrities and politicians could be the most obvious targets, the escapades of reporters working for Rupert Murdoch’s News of the World are testament to this (see Hack Attack). Business leaders and decision makers should also be concerned, of course, much proprietary information is left on voicemail messages.

Many businesses though, have found their voicemail systems compromised resulting in very large phone bills due to fraudulent calls.

The Better Business Bureau recently warned of it, calling it a “new” type of fraud. It is far from new, though. At ExecSecurity, we have worked on such cases starting as far back as 1996, and I’m sure incidents were probably occurring ever since voicemail systems were first put to use.

From KMTV in OMAHA, Neb. – The Better Business Bureau is warning about a new kind […]

2014-09-02T12:41:54-04:00September 2nd, 2014|
Read More

Backdoors to stored phone recordings.

Listening-Recording-Device

“Calls may be monitored for quality assurance…” but also for other reasons such as legal documentation or emergency services and 911 calls. Call recordings can exist for a number of legitimate purposes, using a variety of means and equipment. Not many use actual tape anymore, it usually stored on digital media. This can range from usb memory, to local PC hard drives, to more elaborate servers and cloud services. The larger systems will be managed by software which could have multiple levels of access.

One system I am familiar with can be set up to record calls and save them as if they were voicemail messages in the user’s mailbox. These recordings are then automatically emailed to the user. Whoever has admin access to the phone system will be able to adjust the destination email addresses, adding multiple different addresses for copies of the […]

2016-12-16T20:23:49-05:00May 29th, 2014|
Read More

Hotel eavesdropping fears and security tips.

TURKISH AK PARTY CHANGES HOTEL OVER WIRETAPPING FEARS

ANKARA — AK Party officials decided not to hold their biannual meeting at the Asya Termal, a hotel run by a Gülen Movement affiliate, over concerns that the venue may be bugged. The hotel in Ankara’s Kızılcahamam district was the traditional venue for the biannual consultation meetings of AK Party members until after private conversations in the previous meeting were secretly recorded and leaked. 

Gülenists are also accused of secretly recording private meetings at hotel rooms via hidden cameras.

The meetings on May 3 and 4 will be held in Antalya instead of the Ankara hotel. [Read more- the Daily Sabah]

Hotel Conf table 2

——————————————————–

Hotels are popular places for important meetings, but there is a lot to be concerned about. The rooms themselves are not very complicated to sweep, as the furniture is usually minimal, […]

2016-12-16T20:23:50-05:00April 21st, 2014|
Read More

Electronic Espionage Countermeasures for Executives and Executive Protection

By Charles Patterson, Jan 24, 2014

Corporate espionage strikes fear in the hearts of many executives, and rightly so. The threat is real, often not visible and not understood, and damage to the company (and to individuals) can be severe.  Spying comes in many forms and guises.  Cyber crimes and network hacking grab most of the headlines. They are certainly huge problems and require serious attention, but modern technology puts many advanced eavesdropping techniques in the hands of the general population as well as criminals. If you are responsible for the protection of executives, it is helpful to understand the threat that eavesdropping poses to the principals and their corporate concerns.

Corporate Threat

In the corporate arena, there are significant espionage threats from nation states, foreign competition, and other powerful adversaries. But there is also potential danger from others closer to home. Consider that most serious crimes usually begin with some […]

2016-12-16T20:23:54-05:00January 24th, 2014|
Read More

Corporate espionage- not new. Lack of awareness- also not new.

Having been working in the security field for over thirty five years, and in the surveillance countermeasures field for more than half of that, I’ve come to accept the need for protecting information as a given.  I’m always surprised when people I would have expected to be knowledgeable demonstrate their ignorance in such matters.

In this video from 2010, experienced newscaster Bob Schiefer shows that he was clueless about the world of corporate spying. Unfortunately, I think he represents the majority of CEO’s and corporate executives out there.  They need to understand the dangers their businesses face and how significant the threat against their proprietary information is.  

I just ordered Eamon Javers’ book, Broker, Trader, Lawyer, Spy from Amazon and have not read it yet. Judging by the reviews it may be good reading for anyone dealing with corporate information.

 Broker, Trader, Lawyer, Spy (on Amazon)

 

-Charles […]

2016-12-16T20:23:58-05:00October 5th, 2013|
Read More

The need for protecting confidential information.

The White House administration recently launched a strategy to mitigate the theft of U.S. trade secrets. (see:  www.whitehouse.gov/blog/2013/02/19/launch-administration-s-strategy-mitigate-theft-us-trade-secrets )

Part of the new White House strategy includes supporting ” industry-led efforts to develop best practices to protect trade secrets and encourage companies to share with each other best practices that can mitigate the risk of trade secret theft.”  […www.whitehouse.gov]  This is something many of us in the security and TSCM industry have been calling for for decades.

How valuable is your information?

Hopefully many corporations will begin to pay closer attention to their information security needs.  Often we have heard from corporate clients who really don’t think it would hurt them much if a little information went missing.  One company who developed medical equipment for cancer treatment did not have an alarm system in their office. When I asked about that oversight, they said they had nothing worth stealing. “If someone stole […]

2016-12-16T20:24:04-05:00February 23rd, 2013|
Read More

Corporate espionage: fascination with spying and spy technology

Interest and fascination with spying is ever present, especially in the corporate world. This can lead employees to cross boundaries and attempt illegal eavesdropping or theft of information for their own advancement or profit. 

The availability today of inexpensive electronic devices that can be used for covert surveillance can lead the less ethical among us to venture into the world of spy craft. Many may not even realize they could be breaking serious laws through the use of simple items they found on the internet.

Lifehacker recently sponsored a number of articles about spy technology available to the average person. [here]

 “When you’re a spy, you are often called on to augment your training with improvised solutions using whatever happens to be at hand. Sounds a lot like life hacking, doesn’t it? While most of us don’t have the pressure that spies face or the intensive training they receive, we can […]

2016-12-16T20:24:04-05:00January 27th, 2013|
Read More

Vulnerability on VOIP phone systems.

by Charles Patterson
Patterson Communications, Inc.
www.execsecurity.com 

VOIP vulnerability and disaster recovery

 We’ve had a busy schedule here in the New York area since Hurricane Sandy hit. A few of our clients lost their entire offices due to flooding from the Hudson River and had to relocate. We have been spending many hours helping some of them get their phone systems situated and back on line.

Flood waters

 One of our clients’ entire office (60 employees) was under four feet of water and they quickly had to relocate to a temporary facility a few miles away. To keep their business operational they signed up with a VOIP hosted phone provider who was able to give them phone service at their new office in a very short period of time. This was great for their quick recovery from the disaster. In helping them set up their new phones, though, […]

2016-12-16T20:24:04-05:00December 11th, 2012|
Read More

International voicemail hackers attack random US phone systems

Along with eavesdropping and theft of information, your voicemail system is also vulnerable for financial exploitation. In the past decade, there have been numerous occurances of voicemail systems being hacked for financial gain.  In many of these incidents the technique used was trying to force voicemail systems to place international calls to the Philippines, Cuba, or other countries.  The number being dialed is similar in concept to the 900 numbers popular in the US, where the owner of the number will receive payment for every call that comes in.  The calls are typically answered by another answering system that just tries to keep the automated call connected as long as possible. Since these are international calls, the owner of the phone system under attack will end up with a very large bill from their long distance carrier. 

International Phone Hacking

The hacker makes […]

2016-12-16T20:24:05-05:00August 17th, 2012|
Read More

Threat of foreign eavesdropping devices

Eavesdropping devices and bugs on sale in Japan.

High tech electronic eavesdropping devices are sold openly in many foreign countries. They are easily obtained by anyone traveling on business or on vacation. These devices pictured were on sale in a small shop in Japan. Most of them are illegal to sell or use in the U.S.

If you have business associates traveling overseas, whether competitors or within your own company, they could bring back devices that could seriously hurt your business.  Transmitters could be hidden within gifts or ordinary devices.  

We have the electronic tools and techniques that can locate such devices, even when they are hidden or sealed inside other objects.

 

 

2016-12-16T20:24:06-05:00July 29th, 2012|
Read More

Communications Security and Eavesdropping Countermeasures

Protection of information and communications is critical in today’s business world.  We will be updating our blog regularly with news, information, and advice to help you strengthen your information infrastructure. 
Please contact us directly if you have questions regarding your own privacy needs or specific situations.

Charles Patterson, President
Patterson Communications, Inc.
New York 

2016-12-16T20:24:06-05:00July 23rd, 2012|
Read More
Go to Top