As described in the Indictment, M.Z and S.K, residing in Italy, were among the financiers of the hacking and owned and operated call center operations in Italy from which their customers would make calls throughout the world. To increase their profits, M.Z. and
S.K. made efforts to incur as little costs as possible in routing their customers’ telephone
calls to the intended call-recipient.
M.Z. and S.K. recruited N., K., G. and others to hack into the telephone networks of unsuspecting large corporations and entities so that telephone calls from the call centers could be transmitted over the hacked networks. To accomplish their mission, the hackers gained an intimate familiarity with the programming of the public branch exchange (PBX) telephone systems.
As the hackers dialed into the systems, they were able to identify the type of PBX system
by the prompts and were thereby able to begin a process, known as a brute force attack, by which they sought to attack vulnerable points of the PBX systems. Often, the vulnerable points consisted of telephone extensions with default passwords still in place.
After using a couple of methods to exploit the information they gained regarding the hacked PBX systems (described in greater detail in the Indictment) , the hackers transmitted the information about the hacked system back to the financiers. The hackers – N., K., G. and others – were then paid approximately $100 per hacked telephone system.
In March 2007, the Philippines National Police executed search warrants and arrested seven individuals, including Nusier, Kwan and Gomez, in connection with the present investigation. As part of the Philippines investigation, it was revealed that the PBX systems of over 2,500 victim corporations in the United States, Canada, Australia and Europe were infiltrated. The searches yielded dozens of notebooks full of the telephone numbers and access codes to the victim PBX systems.
