WILLIAM BENTON, of the US Secret Service in Washington DC, doesn't know exactly how many people are involved, but he says there are thousands. He also knows that they cost other people millions of dollars pursuing their latest, highly ingenious, white-collar crime: voice-mail fraud.

In the past few years companies and individuals across the United States have been switching from answering machines to voice-mail in droves, embracing it as the most efficient means of gathering and storing telephone messages. In California, the Pacific Bell telephone company says it already has a million v-mail users; over the past year demand has risen by more than a third.

The advantages are easy to see. Voice-mail, recorded digitally by computer and accessed by punching a password into the telephone, can handle more than one call at a time. Messages can be relayed to other voice-mail 'boxes' at the touch of a button. There is no risk of a tangled tape or incomprehensible recording or simply forgetting to switch the machine on. Once the calls have come in you can choose which messages to wipe and which to save.

It also eliminates the risk of insulting a caller by interrupting a conversation to pick up another incoming call. 'Call waiting' - that maddening little click which announces someone else is trying to get through - becomes redundant, ridding clients of the embarrassing business of putting someone repeatedly on hold - seen, on the West Coast at least, as the equivalent of peering over someone's shoulder at a cocktail party in search of more interesting company.

Yet there are also setbacks, the scale of which have only recently become clear. According to Mr Benton and his colleagues in the Financial Crimes Division, computer hackers have turned their talents to cracking corporate voice-mail systems. There is plenty of hidden treasure: trade secrets, personnel details, tabloid news, covert deal- making and more.

Using a high-speed computerised number-scanning device called a 'war dialer', hackers track down the (often toll-free) telephone numbers that businesses use for voice- mail. They then trawl through the system until they access a mail box. This is often fairly easy, as some systems merely use extension numbers as passwords.

They may merely be seeking to listen to an executive's messages in the hope of hearing some useful titbits. Mr Benton says it is rumoured that some foreign countries encourage their own government departments to eavesdrop on business competitors from other countries in the hope of gleaning sensitive or lucrative information. He refused to say which ones.

Some hackers also search for an unassigned and empty voice-mail box, either for their own use or to sell illegally to someone else. These are useful in the underworld because they can be used to exchange information in illicit transactions without tying the participants to an address or easily traceable telephone number. All either party needs is a telephone number and the box access code. What better means of swapping information about drugs deals, arms sales or any other racket?

According to Mr Benton, the most graphic example of the huge amount of money that can be lost through 'voice-mail squatters' occurred recently in the US when a group of hackers broke into a corporate voice-mail box. The company's communication system, like many, allowed mail-box users to access outside telephone lines through an internal telephone exchange.

Within a few hours, instructions on how to access the boxes had been distributed to at least 200 hackers who immediately began using the lines en masse, sending the company's telephone bill into the stratosphere. By the end of one weekend, they had spent dollars 1.4m ( pounds 933,000). 'It's incredible to see the costs that can be run up,' said Mr Benton. 'These people use the lines to download computer software and that sort of thing, which can take hours at a time.'

Information theft can be just as financially damaging. In one case an American company lost one of its sales staff to a Japanese competitor. His first act on settling in at his new job was to rifle through his former employer's mail boxes for information about forthcoming sales. He was unmasked when a competitor tipped off his old company, which set up a trap using bogus sales information as bait.

Another notorious case involved an American oil-drilling company bidding for work. An executive made the mistake of leaving details of a bid on v-mail. The following day a competitor won the contract. A Dallas telecommunications investigator told Forbes magazine that the losing company called him in after becoming suspicious about the circumstances of the deal. His inquiries established that the voice- mail message had been intercepted - a piece of snooping that cost his clients between dollars 500,000 and dollars 750,000 in lost business.

It is worth remembering that hotel voice-mail systems are even more vulnerable to abuse. Often they do not require a password, or rely on the user's room number. Any con artist worthy of the name can figure it out in minutes.

'Stealing information from competitors is on the rise,' warned the Telecom & Network Security Review recently. 'Thousands of voice-mail systems are penetrated on a weekly basis by competitors, disgruntled present and former employees and freelance hackers looking for information that might have a street value.' To make matters worse, such electronic crime is extremely hard to detect.

It is perhaps wise for companies with voice-mail systems to consider preventive measures. These include longer passwords, changing them often, and hiring security consultants to check through empty v- mail boxes to ensure they are free of squatters. But the best tip is the simplest - don't leave sensitive messages on v-mail - at least, not unless you are prepared for your latest brilliant pitch to the boss to be snapped up by the enemy.

Comments