Most churches with multiline small-business phone systems are unaware of the potential for their phones to be hacked by international criminals. This can be a very costly problem as we discovered when our phone system was hacked over a weekend from outside and used to make tens of thousands of international calls to various foreign countries. The numbers called were "premium" numbers, well-known by phone security experts.
When these premium numbers are called, the caller is charged a premium price. Multiple simultaneous international calls to premium numbers were made by hackers using just one of our phone lines. The hackers never had to enter our offices or even the borders of this country. When we came in Monday morning, our phone company notified us that our system had been fraudulently used and that we could expect a large phone bill. When the bill came, it was for $166,000.
We disputed the bill and reported it to our state Public Service Commission, the FBI and the local police. Everyone agreed we were victims of a crime, but no one seemed to know what to do about it. Our insurance company refused to cover it. We soon learned that our carrier, TW Telecom had a security system in place to detect such hacking, but it was not functioning that weekend. Normally their security system would detect unusual calling activity, shut it down, limiting the damages to a few thousand dollars.
Their security system was out for over 40 hours, leaving us exposed to the hackers. When we signed up with TW Telecom, they provided international calling as a standard part of our phone service.
We are working with an attorney who has advised us not to pay this bill, which is now, with late charges, up to $183,000. He says paying would be participating in a crime, encouraging the crooks to keep doing what they do. Our carrier has refused to take any responsibility for the hacking and is demanding that we pay the entire bill, plus late fees.
However, TW Telecom paid their carrier company, from which they leased their lines, without notifying them of the fraud, thus participating in the crime and violating FCC laws. TW Telecom is being purchased for $5.7 billion dollars by Level 3 Communications. Our attorney has filed an "opposition" with the FCC, opposing the sale to Level 3. He has also filed a formal complaint with the FCC.
My advice to any church or business with Voice over Internet Protocol service: If you have an older analog system, one with a few lines and a call forwarding feature, disable call forwarding. VoIP systems use the Internet and are subject to hacking. Disable auto answer if you do not need it. Nortel, which no longer exists, manufactured the most vulnerable systems, but many other brands of these small business systems are vulnerable to hacking. One protection would be to "block" all international calling, as well as domestic 900 numbers. If you need to make overseas calls, use a cellphone or Skype.
This problem is complex and it is difficult to catch and punish the hackers. So far the FCC has not helped and the FBI seems uninterested. The federal government, which regulates phone service, has been slow to respond to this problem. It is up to you to protect your phones from costly hacking. For more information on this issue, please read this story by The Denver Post, or watch this report by Atlanta's WSB-TV
