Off Topic but important warning- Phone fraud - PBX hack

Had this happen once ages ago on a Nortel system. The vendor had done a system update and accidentally left DISA (Direct Inward System Access) enabled and we had a slew of calls to Bolivia. After some threats of legal action for "malpractice" we got them to eat the bill. DISA basically gets you an outward dial-tone from the system. DISA when linked to VM is a really weak solution. Some organizations allow it but closely guard the separate access code(s) - and monitor call activity daily. Even then you could be vulnerable to social engineering attempts to obtain the code.
-Todd C.


________________________________
From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On Behalf Of Len Hartka
Sent: Monday, December 21, 2009 4:59 PM
To: vantage@yahoogroups.com
Subject: RE: [Vantage] Off Topic but important warning- Phone fraud - PBX hack



Good Day David:

Update: Service group came out and made some changes to the hardware - I
do not have details. We should be OK now. Apparently was never correct.

Comdial - 6-8 years old but with recent software upgrade. It also
converts the incoming T1 lines to analog.
Also, it is not clear if they hacked the PBX or the Voice Mail -
they are two different boxes.

We do not use VOIP. I assume that is what you meant. Of course,
these days, once the call leaves the building, it is all VOIP. But, they
specifically said it was our VM. I will check that out. This is a
breaking story so details could change.

len.hartka@...

________________________________

From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On Behalf
Of David Gartner
Sent: Monday, December 21, 2009 5:30 PM
To: vantage@yahoogroups.com
Subject: RE: [Vantage] Off Topic but important warning- Phone fraud -
PBX hack

Which PBX manufacturer do you use?

_____

From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On Behalf Of
Len Hartka
Sent: Monday, December 21, 2009 3:06 PM
To: vantage@yahoogroups.com
Subject: [Vantage] Off Topic but important warning- Phone fraud - PBX hack

Good Day:

We just got a nasty surprise from something I never gave any thought
to.
Professional hackers took over our PBX and sent 480 overseas calls,
8 of which lasted 18 hours or more. We had to shut down our long distance
service.
We have just been informed (text below) that established law makes
us liable for the calls.

Per below, they guess the users' Voice Mail password and go from
there. Many users have their passwords the same as their extension #, so
it is an easy hack.

They are coming over to discuss what we can do to protect the PBX -
besides having the users change their passwords.

We had in place the requirement that all long distance calls
required the personal password to go through. We had to shut that down
last month because we changed phone vendors and they could not bypass
the fax machine, so we could not send any faxes. Obviously we will
revisit that.

So, you now have another thing for your task list.

len.hartka@sunautomation.com

***************************************
We were in touch this morning about fraud that occurred on your
company's account. To follow up, I would like to review what happened.

Hackers gained access to vulnerabilities in your system, which may
relate to weak voicemail passwords or perhaps something else. Once in
your system, they made outbound calls to locations with expensive
terminating points. In your case, this may have included Spain (several
24 hour long calls).

The FCC has ruled that the client is responsible for the cost of all
calls made from their PBX, including legitimate calls as well as if a
hack occurs on the account. It is the responsibility of your company
and your outside vendor to have the PBX secured to lock it up from
outside sources. Broadview utilizes a program that monitors calls and
attempts to discover fraudulent ones based off calling patterns. This
is how we discovered the hack on your system and we shut down the
international calling as a courtesy to Sun Automation.

Next, we ask that you get your PBX secured through the vendor. I have
turned on international calling this morning, but this is under your
company's knowledge that the hack could continue at any time until you
secure your PBX (hacks are more likely over the weekend or overnight,
but could take place at any time). I have attached a call log of the
calls for your use.

Thanks,

**************************************************************

Sun Automation Group

Celebrating

25 Years of Service

to the Corrugated Industry

**************************************************************

This e-mail and any attachments may contain proprietary and/or confidential information. If you are not the intended recipient, please notify the sender immediately by reply e-mail or at 410-472-2900 and then delete the message without using, disseminating, or copying this message or any portion thereof. With e-mail communications you are urged to protect against viruses.
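
The carrier's letter says the fraud was caught by watching calling patterns, and the first reply mentions reviewing call activity daily. As an added example (not part of the thread and not any vendor's tool), a daily review of a PBX call-detail export could look like the following; the CSV layout, the `9` trunk-access digit, the business hours and the thresholds are assumptions, and the sample records are constructed.

```python
import csv
import io
from collections import Counter
from datetime import datetime

# Constructed sample CDR export (start time, extension, dialed digits, seconds).
# The column layout is an assumption; real SMDR/CDR formats vary by PBX vendor.
SAMPLE_CDR = """\
start,extension,dialed,duration_s
2009-12-18 10:15:00,214,14105550123,340
2009-12-18 14:02:00,230,9011442055501234,1260
2009-12-19 02:11:00,207,901134915550101,66200
2009-12-19 02:13:00,207,901134915550102,86400
2009-12-19 02:14:00,207,901134915550103,240
2009-12-19 02:16:00,207,901134915550104,95
2009-12-20 23:40:00,207,901134915550105,71000
"""

INTL_PREFIX = "011"              # North American international dialing prefix
TRUNK_ACCESS = "9"               # assumed outside-line access digit
BUSINESS_HOURS = range(7, 19)    # assumed 07:00-18:59, Monday to Friday
MAX_INTL_SECONDS = 4 * 3600      # assumed ceiling for a legitimate call
MAX_INTL_PER_EXT_PER_DAY = 3     # assumed daily ceiling per extension


def is_international(dialed):
    """True if the digits are 011..., with or without the trunk-access digit."""
    digits = dialed[1:] if dialed.startswith(TRUNK_ACCESS + INTL_PREFIX) else dialed
    return digits.startswith(INTL_PREFIX)


def review_cdr(text):
    """Return (flagged calls, extension/day pairs over the daily limit)."""
    findings, per_ext_day = [], Counter()
    for row in csv.DictReader(io.StringIO(text)):
        if not is_international(row["dialed"]):
            continue
        start = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
        reasons = []
        if start.weekday() >= 5 or start.hour not in BUSINESS_HOURS:
            reasons.append("off-hours")      # weekend or overnight
        if int(row["duration_s"]) >= MAX_INTL_SECONDS:
            reasons.append("long-duration")  # multi-hour call
        per_ext_day[(row["extension"], start.date().isoformat())] += 1
        if reasons:
            findings.append((row["start"], row["extension"], row["dialed"], reasons))
    noisy = {k: n for k, n in per_ext_day.items() if n > MAX_INTL_PER_EXT_PER_DAY}
    return findings, noisy


if __name__ == "__main__":
    calls, noisy = review_cdr(SAMPLE_CDR)
    for call in calls:
        print(*call)
    print("over daily limit:", noisy)
```

Run against each day's export, this surfaces the weekend and overnight calls and the multi-hour calls the letter describes, and names the extension whose mailbox or access code should be locked first.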
