, SecurityFocus 2004-12-07
A Las Vegas adult services operator is making a federal case of his longstanding claim that cyber security weaknesses at the local phone company have permitted hackers to hijack calls intended for his stable of in-room entertainers -- reprising a complaint that state regulators rejected in 2002.Eddie Munoz is seeking $30 million in damages from Sprint of Nevada, accusing the company of unfair business practices, in a lawsuit filed in federal court last fall.
Munoz first complained to the Nevada Public Utilities Commission in 1994 that Sprint was
Sprint maintained that its security was adequate, and insisted that, to the company's knowledge, it had never been hacked. But in several days of PUC hearings in 2002, company officials admitted that they'd lost or destroyed years of records in a reorganization of their security department, and that they'd permitted dial-up access into their switches for maintenance purposes with little logging.
Ex-hacker Kevin Mitnick -- hired by Munoz as a consultant -- even
The commission eventually dismissed the claim, concluding in its final ruling that "Sprint's security is no better nor no worse than that of other telephone companies," and crediting the company with taking "reasonable steps" to protect its network.
Citing that finding, attorneys for Sprint of Nevada asked the court last month to dismiss Munoz's new lawsuit, on the grounds that the matter was settled, and the former vice king lost his chance to appeal years ago. Sprint also sites a PUC tariff that holds Nevada telephone companies immune from liability for errors in delivering phone calls. A ruling on the motion to dismiss is likely to come early next year.