Hacked and a UTS bill of over ANG 100.000 (in a month)
- Saturday, 12 November 2011 11:19
This week another company (the second one that I know of) got a jaw-dropping invoice from UTS.
Calls to international numbers via UTS > ANG100.000,--
OK, pick up your jaw and read on, because this can happen to anyone with a PBX (Private Branch Exchange/private telephone network) that is not properly secured. It is obvious that the PBX was hacked, but how did it happen, who did it, and who's going to pay for this?
When it happens to you, your company is responsible for all charges incurred on your system. Recent court decisions make you, not the carrier, responsible for the security of your CBX/PBX system if you have not taken steps to protect your assets. Fraudulent calls are placed over many different inter-exchange carriers (IXC); each carrier must pay for the portion of the call it handled. When the call is placed to an international location, the domestic carrier must pay the foreign carrier regardless of the fraud. FCC rulings prevent carriers from writing off calls. You, the end user, control access to your systems.
Communication theft is perpetrated from remote distances by highly skilled, technologically sophisticated criminals who have little fear of being detected, let alone apprehended or prosecuted. These criminals conduct a growing business selling access to communications systems all over the world. Only the customer can differentiate legitimate calls from fraudulent ones. The long distance carriers do not have access or permission to work on your CBX / PBX, the vehicle that hackers use most to conduct their activities.
How will the hacker find your system and hack it?
1) Criminals pay for a CBX / PBX maintenance port number and password.
2) Hackers 'scan' using auto-dialers to find systems equipped with modems.
3) Your company's telephone directory listing or your 800 service advertising makes you known to the hacker.
Hackers use computerized calling programs, automatic dialers, and sophisticated software to break your system's security and pass codes. Hackers attempt to gain access in the following order:
1) Phone Mail / Voice Mail
2) Automated Attendant
3) Remote Access or Direct Inward Service Access (DISA)
4) Remote Maintenance / Administration Port
The remote maintenance port is the most important port on your CBX / PBX system. Hackers gain access to your system software and control your Voice Mail, DISA and other CBX / PBX features through the maintenance port. It's very important to protect this port. What happens when they find this port? Hackers try manufacturers' default passwords or run computer-generated cracker programs until they find a usable password. They then enter the system unlawfully and make software changes that allow unauthorized calls. Information on how to use your altered system is then sold to "call sell operators", who sell calls over your system to whoever wishes to place calls. These calls are typically made from public telephones (pay phones) in large cities.
Hackers identify the type of CBX / PBX by the login procedure used for each system. They know the pass codes for each vendor's CBX / PBX. Hackers also recognize the various Voice Mail and Phone Mail systems by their default digitized voice recordings.
How do they use your Voice Mail? Through your Voice Mail the hacker is able to use your CBX / PBX "trunk-to-trunk connections" feature to access your long distance network. Your Voice Mail might also be used as a "bulletin board" to distribute stolen credit card and other hacker-related information. They may change your greeting to "Hello!...pause....Yes, I'll accept the charges to Zaire."
As in your personal life, the better informed you are about the risks, the better protected you are. Stay on top of the threats and implement a current security policy and a secure system configuration. Take a team approach to security and service together with your equipment vendor. Insist on seeing evidence that UTS will join your team. They must have an adequate plan to identify theft of service, a client education program and a plan to provide you with assistance beyond their control.
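Since only the customer can tell legitimate calls from fraudulent ones, a daily review of the PBX call detail records (CDR) is a practical way to spot theft of service early. The following is an added example, not part of the original article: the CSV columns, the "00" international prefix, the business hours and the daily limit are assumptions, and the sample records are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample CDR export (hypothetical columns; real PBX formats differ).
# source is "ext:<n>" for an internal extension, "trunk:<n>" for an inbound trunk.
SAMPLE_CDR = """start,source,dialed,seconds
2011-11-07 09:14:00,ext:201,0015551230000,180
2011-11-07 14:02:00,ext:214,4615555,95
2011-11-08 02:11:00,trunk:3,0024355501234,2400
2011-11-08 02:13:00,trunk:3,0024355501235,2700
2011-11-08 02:40:00,trunk:4,0024355501236,3100
2011-11-08 10:30:00,ext:201,0031205550100,600
2011-11-09 23:50:00,ext:299,0024355501234,1500
"""

INTL_PREFIX = "00"             # assumption: international dialing prefix
BUSINESS_HOURS = range(7, 19)  # assumption: 07:00-18:59 local time
DAILY_INTL_LIMIT_MIN = 60      # assumption: alert above 60 international min/day

def find_suspicious(cdr_text):
    """Return (call_alerts, day_alerts) for international calls in a CDR export."""
    call_alerts, minutes_per_day = [], defaultdict(float)
    for row in csv.DictReader(io.StringIO(cdr_text)):
        if not row["dialed"].startswith(INTL_PREFIX):
            continue  # local and domestic calls are out of scope here
        start = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
        minutes_per_day[start.date().isoformat()] += int(row["seconds"]) / 60
        reasons = []
        if row["source"].startswith("trunk:"):
            # Inbound trunk bridged to an outbound call: the trunk-to-trunk
            # path used via voice mail or DISA.
            reasons.append("trunk-to-trunk")
        if start.hour not in BUSINESS_HOURS:
            reasons.append("after-hours")
        if reasons:
            call_alerts.append((row["start"], row["source"], row["dialed"], reasons))
    day_alerts = {d: round(m, 1) for d, m in minutes_per_day.items()
                  if m > DAILY_INTL_LIMIT_MIN}
    return call_alerts, day_alerts

if __name__ == "__main__":
    calls, days = find_suspicious(SAMPLE_CDR)
    for c in calls:
        print("CALL", *c)
    for d, m in sorted(days.items()):
        print("DAY", d, f"{m} international minutes")
```

Run daily, a check like this surfaces abuse after one night instead of when the monthly invoice arrives.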
Last Updated on Saturday, 12 November 2011 12:36



