A SENIOR police officer has revealed how his own company was hacked by suspected ‘terrorists’.
Chief officer Tom Haye leads Hampshire’s Special Constabulary, and is national policing lead for the cyber special constables and cyber volunteers programme, bidding to get IT experts to give their time for free to police.
Speaking to The News about how police have had to rapidly adapt to cyber crime, Mr Haye said when such incidents used to be reported, people received a ‘tumbleweed’ response.
Mr Haye said his systems integration firm, which specialises in security and defence, had been hacked when a port was left open by an engineer.
He said: ‘The call-taker I spoke to when I reported my crime needed to understand, as long as I was clear enough about it, that a crime had been committed, that it involved technology rather than physically a window being broken.
‘In my day job I run an integration company and our telephone exchange got hacked.
‘They were routing calls from Ukraine to Afghanistan through our exchange.
‘We picked it up straightaway, we stopped it. One of our engineers left a port open.
‘But nevertheless it happened, someone hacked into our exchange and started using it for calls, as far as we could see. We got someone to trace the IP addresses. One was in the Ukraine and the other in Afghanistan. Our Alton exchange isn’t going to be used for that normally.
‘It was at that point I thought “we’ve fixed it”, but a crime had been committed nevertheless’.
He added: ‘We blocked the IP addresses, we actually got them blacklisted, not that it makes much difference, but that’s something that you can do. We nailed the ports shut that they were hacking us through.
‘They were using it to make dodgy phone calls between Afghanistan and the Ukraine.
‘In reality it’s probably terrorist-related because it was specifically those two countries and therefore it’s likely. It wouldn’t be some granny phoning her grandson in Afghanistan to see how he was doing.’
Mr Haye warned that larger firms could be more susceptible to being hacked and phone lines used for ‘nefarious’ uses – without knowing.
He said: ‘A big company may not spot that for six months.’
‘If you’ve got 1,000 telephone lines and 200 are being used for this kind of activity, you would probably never know.’