David Chamowitz, a partner in the Alexandria, Virginia law firm Chamowitz & Chamowitz, got a $65,000 phone bill that he says he will not pay, according to a story reported January 24th on ABC's WJLA website.
The Alexandria attorney says someone hacked into his law firm's phone lines in the middle of the night to call Serbia and Algeria. Chamowitz showed a reporter from WJLA an e-mail from his service provider's fraud department, which shows someone made 195 calls in just 45 minutes.
"We didn't do it. We didn't make those calls," said Chamowitz, who only has three people working in his law office. ABC7 called service provider - Verizon - a spokesperson told the reporter that hacking like this is not common and the company is investigating.
According to the Federal Communications Commission, hackers can break into voicemail systems to make international collect calls. They target systems that still have default passwords, or systems with easy passwords, such as 1-2-3-4.
Chamowitz says he changed his password after an earlier hack, but was still targeted a second time.
"Right now our long distance is off," said Chamowitz. "I am kind of afraid to turn it back on because we fixed what we thought was the problem and it is apparently not fixed."
Here is a link to the FCC's website, which offers guidance on protecting yourself from voicemail system hacking. As we say all the time, ALWAYS change default passwords on everything – and don't use easy to guess passwords, like 1234, or the street number of your business. And change the password regularly. These attacks tend to happen at night or on weekends when they are less likely to be noticed. Long ago, we were hacked too because (though I can still hardly believe it) we didn't change the default password on a conference room phone voicemail box, which shouldn't have had one to begin with. Though it happened more than a decade ago, I still shake my head over that incident – however, it had the salutary effect of making me more compassionate when others make similar boneheaded mistakes!
E-mail: firstname.lastname@example.org Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology