BT faces writ over hackers

Click to follow

Technology Correspondent

The London branch of the advertising agency J Walter Thompson is considering suing British Telecom, after phone hackers exploited flaws in a switchboard sold by BT to make pounds 60,000 worth of free calls in four days.

Managers at the agency also say they may club together in any lawsuit against BT with other companies whose switchboards have been broken into by hackers.

"BT failed to support us to the level that they should. They didn't provide the means or the training to protect us against this fraud," said Alison Sanderson, commercial director at JWT's London office. Janet McMillan, the company's technical director, added: "The features that the hackers used to get through our system are the same ones that BT put forward as a selling point."

Earlier this month, the Independent revealed that phone hackers have for years used well-known flaws in the voicemail systems of the Meridian switchboard to make calls lasting hours, directed all over the world. They dial into the company after hours, often on freephone lines, and reprogramme unanswered extensions remotely to dial external numbers. The calls are thus charged to the switchboard's owner.

BT has sold more than 50,000 Meridian systems in the UK since 1991, but only began to realise the extent of the hackers' activities late last year. In January, an internal BT memo told staff "not [to] discuss the various means by which fraud can be made - this will only serve to alarm the customer further". Ms McMillan discovered in May that criminal hackers based in New York were dialling through JWT's Meridian switchboard to make calls. They reprogrammed extensions to dial numbers in China, Yemen and Syria.

JWT was an essential link in the hackers' chain because they were making the calls using telephone card numbers stolen from the phone company AT&T. These do not allow direct calls to developing countries. "They needed to dial through another exchange to get out, and we were the intermediate," said Ms McMillan. "The calls lasted hours. It's big business, a multi- million pound fraud, not some teenager in an anorak sitting in his bedroom."

Ms McMillan disabled the facilities which made the hacking possible. But she said that reduces the usefulness of the switchboard: "It's just like a big, expensive answering machine."

Anecdotal evidence suggests that phone hacking is growing rapidly in Britain, and probably costs British businesses millions of pounds annually. At least three British-based companies have lodged complaints with the telecommunications regulator, Oftel, about their treatment by BT.

The Independent has also learnt of a number of other victims of such hacking, including a school and a hospital, which hackers used to make pounds 40,000 of fraudulent calls in one week.

In January, BT sent a four-page security warning specifically to Meridian owners, which it said "covers the main vulnerable areas and how to guard against hackers". But Ms McMillan said: "It was next to useless - it told you to restrict access, but not how."