BELTON — Getting a bill that’s larger than expected can result in a sinking feeling. For Bell County, that sinking feeling was caused by a phone bill about $27,000 higher than usual.
After learning that hackers penetrated Bell County’s phone system from Nov. 30 to Dec. 2 and placed a series of international calls, county personnel knew the bill was going to be high. They just didn’t know how high.
“Our bill was $27,220.22 for one day,” County Auditor Donna Eakin said. “Our bill in October was $855. I have staff members who’ve been here 35 years and they’ve never seen anything like this.”
The stratospheric phone bill came from the first of two separate incidents when an unknown number of hackers exploited weaknesses in the county’s phone system to place outgoing calls that appeared to be coming from, and were billed to, Bell County.
The first attack, which started Nov. 30, targeted a weak password on an extension in the Road and Bridge Department.
Cracking the four-digit password gave the hackers access to the phone’s automated menu system and allowed them to route calls to the Caribbean island nation of Grenada through Bell County’s switchboard.
Jim Chandler, director of Bell County’s Technology Services Department, said AT&T personnel first detected suspicious activity on the county’s phone network soon after the incursion happened.
“AT&T spent several days doing an investigation to determine whether the calls were being made internally within the Bell County phone system,” Chandler said.
On Dec. 2, AT&T alerted the technology services department to the suspicious activity. Since AT&T’s personnel believed the calls were originating from within the county’s phone system, they requested that county personnel conduct their own internal investigation.
“We immediately asked AT&T to disable our international call capability upon learning about the issue and continue to monitor for unusual activity,” Chandler said.
After spending a day troubleshooting the problem, Chandler’s team was able to isolate the source of the problem — a third-party caller who was able to enter the phone’s voicemail password and co-opt the remote dial feature.
In the two days before the international calling capability was disabled, Chandler said the hackers placed “thousands of phone calls to Grenada, each lasting a few seconds.”
Sean Brown, a director of network operations with 15 years in the telecommunications industry, said that in his experience, multiple short-duration long distance calls, like those Bell County experienced, are the hallmark of a “connect charge scam.”
“Companies in South Africa and South America will charge these really high fees to connect to a phone number, like $10 a call,” Brown said. “And they get a lot of connections in a short time and then send the bills to U.S. carriers.”
The total cost of the attack won’t be revealed until the county gets the December bill, but Chandler said the county has already made plans to appeal.
the fraudulent charges.