Friday, February 3, 2012

Security Director Alert - Conference Call Eavesdropping

A conference call between Scotland Yard and the FBI has been intercepted and published by a member of the computer hacking group Anonymous.

The hacker apparently managed to access the call after getting into an FBI email which gave details of the call. The email was also posted online. (more)

Murray Associates advice:
Conferencing numbers and passwords are often posted on cubicle walls, sent via email and sometimes written underneath the table-top speakerphones themselves. This is a common, but dangerous, employee habit in many of the companies we visit. Conference call information should be held confidential and distributed on a need-to-know basis. To do otherwise, invites unauthorized call participants.

Teleconferencing Checklist
• Change all current passcodes.
• Tell employees they should not email or post the new passcodes.
• Switch to a conference call system where:
-- each participant is given a unique passcode,
-- the passcode is changed for each new conference call,
-- only the pre-authorized number of callers may be admitted,
-- and a record of all call participants is available to the call leader.

Think this is a rare problem?
Think again...

More Conference Call Intercepts & Advice