Voice Mail Hacking... NYNEX Style

In mid-August the NYNEX Business Centers' nationwide voice mail information system was penetrated by unauthorized individuals.  According to Randy Hareford, voice mail administrator at NYNEX, numerous "kids, maybe twelve or thirteen years old," who "didn't know what they were doing" took over 38 of approximately 1900 voice mailboxes on the system.

Dial-up modem numbers used to manage the system were posted on at least two bulletin boards and sent to other interlopers via the voice mail system, but most of the encroachment was blamed on the use of "easy passwords" chosen by legitimate users.  The callers identified themselves with aliases such as Flight Commander, Knight Caller, Blackbeard, Chris Columbus, Photo Bug, Easy E, Ray Gun, Mr. Upright, Teenage Warrior, and Mr. Six.

According to Hereford, at least one message passed between purloined mailboxes contained information detailing stolen credit card numbers and expiration dates.  The FBI was reportedly notified, but was interested only in the credit fraud issue, not in security problems with the system.  Interestingly, NYNEX has always maintained that messages on the system were not retrievable by anyone other than the addressee.

The security breach allegedly brought the system down one evening and later resulted in a system broadcast to all users warning them not to convey sensitive information on the system, instead suggesting "more secure" methods such as the U.S. Mail, IBM PROFS, and the direct-dial telephone network.

While most of the abused mailbox passwords were deleted and reassigned after two weeks, the system administrator received one message offering information about other compromised mailboxes and the security loopholes used, in exchange for legitimate voice mail privileges.  The offer was neither accepted nor replied to.
