The Toronto Star

CRTC tells Bell to pay bills run up by hackers

by Robert Brehl, bbrehl@thestar.ca

In a stinging decision, Bell Canada has been ordered to pay $581,638 for fraudulent calls made by ``hackers'' after it replaced human operators with machines.

The Canadian Radio-television and Telecommunications Commission said having human operators would have made the fraud ``virtually impossible''.

Bell has been slashing jobs, more than 12,000 in the past 2 1/2 years, and where possible replacing people with computers.

``The commission is of the view that where the telephone company makes such changes to its operating systems, it should make every effort to ensure that the changes do not increase the opportunities for fraud'', the CRTC decision stated.

Bell had wanted Rogers Cantel Inc. to pay because a teenage computer fraud artist known as Zap Phrog had set up Cantel voice mail boxes to tell Bell's automated attendant that these Cantel numbers would accept charges for third-party billing of long distance.

The calls were made between June 1 and July 31, 1993.

Once the hacker, who was 17 at the time, had set up the system, he alerted hackers all over North America via phone lines and electronic bulletin boards about the scheme for free calls, said Ian Angus, a telecommunications consultant and author of Phone Pirates.

Bell officials said they may or may not appeal the decision to the federal cabinet.

``Right now it is under review'', said Linda Gervais, Bell's vice-president of government relations.

``It is precedent-setting. We need to take a close look at this'', she said.

Angus said it sets a precedent because phone companies around the world have long won cases where the owner of the phone number is liable for fraudulent calls, not the phone company.

``The CRTC is saying otherwise and that Bell has failed to do its job'', Angus said. ``I am not aware of any other case like this.''

Here's how the scam worked:

``It was trivially easy'', Angus said. ``After word got out, it wasn't long until hundreds of thousands of dollars in calls were made.''

Len Katz, Cantel's senior vice-president, said the company is relieved by the decision because Bell has been adding late payment charges since the dispute began and the bill now exceeds $1 million.

The CRTC said Bell must credit Cantel's account for all charges, including late payment levies and taxes payable.

The CRTC came down unusually hard on Bell for making third-party billing from its own pay telephones go through live operators while not doing the same for Cantel and other customers.

``In the commission's view, it would be inappropriate for Bell to protect itself from fraud by restricting third-party billing to a live person for pay telephone calls while applying a different, less stringent standard -- i.e. acceptance by a machine -- such as to permit, as in Cantel's case, fraud to take place'', the CRTC said.

``Regarding Bell's position that it made every reasonable effort to protect Cantel once it learned of the fraud being conducted, the commission view is otherwise.''

Bell workers, while relieved at the CRTC's statements about the cautions of computers, fear Bell will use the decision to further the bad-news scenario it is painting within the company to slash jobs.

``It's a double-edged sword'', Bell union official Rory Hawes said.

``Management seems to take every bit of bad news to further plans to downsize.''

Experienced operators, he said, ``have a sixth sense to spot fraud artists on the line.''

The hacker, who cannot be named under the Young Offenders Act, was convicted on computer-fraud-related charges.

Copyright © 1997 by The Toronto Star. All Rights Reserved. Reprinted with permission.