PBX phone phreakers ring up huge bills in Oz
Security loophole allows bad nattering
Phreakers are using security loopholes in PBX systems to make international calls at the expense of businesses in Western Australia.
Telephone system hackers are exploiting the call forward function on older PBXs to make expensive international phone calls at virtually no cost to themselves, WA police warn. In one case a internet-based PBX system in Perth was used to make 11,000 international calls in the space of 46 hours.
The firm only became aware of the attack after a A$120,000 bill landed on their doorstep. Det Sgt Jamie McDonald told The WestAustralian that smaller businesses were being targeted in the ongoing attacks.
McDonald urged firms to take appropriate security precautions. “Most businesses are prepared to install firewalls on their computers but fail to extend that level of security to their phone systems,” he said.
Phone phreaking is a far less publicised crime than computer hacking, but the results can be even more costly to victims than a virus infection or hacker attack, as the West Australian case illustrates. Cybercrooks typically sell access to compromised systems through underground forums. ®
H323 is a fallback by default on CCME.
Everybody (not stupid ones anyway) block outside SIP ports as a company policy however intruders retry using H323 even though it's not configured (ie doesn't show in sh run) and it connects just fine.
Cleaned a competitors phone system last week...
i'd like to know
what PBX systems were affected.....
....i wonder if its a meridian opt. 11c...
@ Ground Rush
What you write is sadly too true. I had an experience a few years ago with an 'Authorised Dealer' who charged 70 quid for *not* being able to diagnose a fault in my car. The "technician's" conclusion was that the engine and transmission were both knackered, repair/replacement would hurt to the tune of 10 grand. I had up to that moment not realised that 'knackered' was a technical term for : "I don't know how to operate the diagnostic tool, so I will never know what the issue is. However for forty grand you can buy a new car from us instead. That'll be 70 quid, thanks."
Needles to say I left the premises rapidly, got a 'second opinion' from an experienced 'old hack'.
He asked me to start the engine. He listened. He asked me to stop and start it again. He listened. Without even lifting the bonnet (hood), he diagnosed a faulty fuel injection pump.
It cost me a replacement pump (three hundred quid+labour), but 260,000 km later it is still going like the clappers. I am still trying to get my 70 quid back from the high-tech 'Dealer'.
Now I do my own diagnostics, or get a semi-retired mech to take a look.
Wow, this is really going off topic...
Paris, to bring it back on topic.