Hack vulnerability of IP based PBX systems

Fortify : 24 December, 2008  (Technical Article)
Recent US hack on PBX results in $52,000 phone bill, presenting a timely reminder for protection of vulnerable systems
Fortify Software says that reports of a US firm being hit by a $52,000 phone bill after hackers gained unauthorised access to the company's PBX are a timely warning to all organisations to protect their telephony resources.

'The advent of IP-enabled PBXs, and the facility of remotely-programmable "conventional" PBX systems, means that hackers can - with sufficient time and access - rack up large phone bills on the unfortunate victim's account,' said Robert Rachwald, Fortify's director of product marketing.

'And with the holiday shutdown looming, this is the perfect time for hackers with time on their hands, to crack a firm's PBX and engage in more than a little phone call resale fraud,' he added.

According to Rachwald, this time of year is one of the busiest periods for phone companies on the international call front, with the result that international call resale fraud is also at its highest.

The fact that HUB Computer Systems in the US was hit by a phone bill for $42,359.59 in calls to Bulgaria, he says, illustrates the demand for fraudulent international calls.

Once a hacker has reprogrammed a company PBX to allow free dial-through international calls, one or more people act as 'human operators', accepting payments - always in cash - and then allowing callers to place international calls to their chosen destination at a heavy discount.

'The modus operandi is always the same - the hackers stand at known meeting and gathering points for international visitors in a given city and then announce they are offering calls home, typically via prepay mobile phones, for a fraction of the normal costs. After that, they simply rake the money in - probably around $5,000 to $10,000 in the case of the HUB Computer Systems telephone hack,' he said.

'As firms prepare for the holiday shutdown, IT staff should take extra care to protect their company PBXs, as well as their firm's IT resources, shutting down systems that are unlikely to be used. Locking down the ability to reprogram the system remotely has to be high on the list of holiday period checklists,' he added.
   © 2012 ProSecurityZone.com