Japan’s major telecommunication carriers have revealed a worrying rise in the number of hacking attacks against IP phone systems in which users, mainly companies, are being charged large amounts of money for overseas phone calls they didn’t make.
Major IP phone service providers NTT East Corp. and NTT West Corp. said that in the 2014 business year they received 101 complaints from IP phone users claiming they had been charged for international calls they were not aware of.
In one case, a user was charged with a monthly fee of more than ¥5 million, they said.
The carriers said it is likely the users were victims of cyberattacks in which users’ switching systems were infiltrated to make international calls repeatedly to high-cost destinations such as Sierra Leone, in West Africa.
Third parties in the receiving countries sometimes collect part of the fees for such calls.
“Nearly all of the users that have been recently suffering from such hack attacks are (small and mid-size) companies,” said Taiji Sugata, general manager of the Telecommunications Carriers Association’s Research Department.
Sugata said that many companies may have been unaware of the risks when introducing IP phone systems for multiple phone lines or extensions and allowing maintenance firms to manage them remotely.
“Many companies outsource maintenance of such systems to outside firms . . . and if the system is not properly protected, people who know the passwords might misuse it,” he said.
Although Sugata said there is no guarantee that enhanced security measures will fully prevent such hacks, he advised that the risk can be lowered by enhancing internal security measures with hard-to-crack passwords.
“If it is possible, limiting access to the system from outside and managing it internally is one way to boost protection,” he said.
“Business owners who need more effective measures can ask telecommunications carriers to block outgoing international calls if such service is not required.”
Some experts are calling for rules to cope with such fraud, as the owners of hacked phones are required to pay the charged amount even if they claim they didn’t make the calls themselves.
A study group under the Internal Affairs and Communications Ministry is working to present a set of measures to counter such attacks in July.
“We will do everything to weigh the situation immediately and will continue to work on measures to prevent from future cyber incidents,” Internal Affairs and Communications Minister Sanae Takaichi told reporters Friday at a news conference after a regular Cabinet meeting.