Geekzone: technology news, blogs, forums
Reply # 369693 19-Aug-2010 09:45

Bringing up this old topic alive since I got a press release today about this topic...


PABX Fraud increases fourfold
19 August 2010 
 
Introduction
 
Fraudsters are targeting unsecured PABXs in New Zealand and getting away with hundreds of thousands of dollars annually. The incidence of fraud has increased fourfold in 2010 with an estimated 30 – 40 New Zealand companies getting hit by international PABX fraudsters every month.

Leaving your PABX unsecured is like leaving your PIN numbers or bank account details and access codes pinned to your front door. Security of your PABX is easily as important as the security of your PC, it's relatively easy to defraud you of thousands of dollars if you haven't made your system secure.

Who's at risk? Often this is now the small businessman or woman with a PABX (often their first). In one recent case it was an individual who had downloaded a free software-based VoIP PABX and installed it on their home computer. An unsecured PABX system can be compromised via an insecure voicemail system (or similar), that allows incoming callers to dial extensions directly.

From there, some insecure PABX systems can even allow callers to access outside lines. Hackers have targeted these systems around the world sometimes resulting in a large volume of international calls being charged to the PABX user's account. To help ensure your business is protected against this type of fraud, we advise you check your PABX system is secure and it is adequately configured to maximise your security.
 
Minimising your risk
 
We strongly recommend you take action now. It is vital that you review and follow the attached security measures as soon as possible.  If you have any questions regarding your own particular PABX, contact your vendor in the first instance for advice on securing your system.  Visit: www.tig.org.nz/stoppabxfraud for more details, advice and links to other information.   The TIG is an industry group aimed at increasing the contribution of telecommunications to New Zealand society and economy.

Guard against PABX hacking – what you can do

1. CHOOSE A STRONG PASSWORD: Voicemail and DISA passwords should be changed on a regular basis, avoiding factory defaults and obvious combinations such as 1234 or the extension number.

2. CHANGE IT: Make sure all security features – passwords, PINS etc – are changed following installation, upgrade and fault/maintenance. Don't forget to reset password defaults.

3. KEEP IT CONFIDENTIAL: Keep all internal information such as directories, call logging reports and audit logs confidential. Destroy them appropriately if no longer required. 

4. REVIEW REGULARLY: Review system security and configuration settings regularly. Follow up any vulnerabilities or irregularities. 

5. VENDOR TERMS AND CONDITIONS: Make sure you have the right terms and conditions reflected in your contracts with your PABX, VoIP and/or voicemail maintainer in order to keep your system regularly maintained and serviced to stay safe. 

For more tips on preventing PABX hacking on your system visit: www.tig.org.nz/stoppabxfraud    





Reply # 385331 28-Sep-2010 09:19

Man gets ten years for VoIP fraud...


Edwin Pena, 27, was convicted in February of masterminding a scheme to hack into more than 15 telecommunications companies and then reroute calls to their networks at no charge. He must also pay more than US$1 million in restitution, and will be deported once his sentence is served.

Pena was sentenced by Judge Susan Wigenton in U.S. District Court for the District of New Jersey on computer hacking and wire fraud charges.

The scam cost his victims, including VoIP sellers Net2Phone, NovaTel and Go2Tel, more than $1.4 million in losses.






Reply # 385343 28-Sep-2010 09:45

Should have been 20




Yes I am a employee of WxC (My Profile) ... but I do have my own opinions as well Wink

             

https://www.facebook.com/wxccommunications

Reply # 385821 29-Sep-2010 12:36

Software PABX running on a PC so you can't disconnect until it's secure and ready to deploy.... Guess I won't do that now :)





Qualified in business, certified in fibre, stuck in copper, have to keep going  ^_^

Reply # 385825 29-Sep-2010 12:49

webwat: Software PABX running on a PC so you can't disconnect until it's secure and ready to deploy.... Guess I won't do that now :)



Sorry, I don't understand what you're saying here?




Reply # 390500 11-Oct-2010 14:49

More coverage on this, this time in Australia, via Slashdot:

"Australian network companies have told of clients receiving phone bills including $100,000 worth of unauthorised calls placed over compromised VoIP servers. Smaller attacks have netted criminals tens of thousands of dollars worth of calls. A Perth business was hit with a $120,000 bill after hackers exploited its VoIP server to place some 11,000 calls over 46 hours last year. ... Local network providers and the SANs Institute have reported recent spikes in Session Initiation Protocol (SIP) scanning — a process to identify poorly configured VoIP systems — and brute-force attacks against publicly-accessible SIP systems, notably on UDP port 5060."




Reply # 520822 14-Sep-2011 10:22

The TCF has sent out a release today (yes, 18 months after we started this discussion here) and put a web page for this topic on their web site:


How much could PABX fraud cost your business?

Business owners are being warned to secure their PABX phone systems to prevent hackers from accessing them during the Rugby World Cup.

The Telecommunication Carriers Forum (TCF) says the incidence of PABX fraud increased four-fold during 2010, with an estimated 30 to 40 New Zealand companies getting hit by international PABX fraudsters every month. They racked up international telephone calls worth hundreds of thousands of dollars.

TCF CEO David Stone says that while PABX fraud has fallen this year, it is still the main fraud risk facing telcos and their customers. He says there is a real danger that the incidence of PABX fraud will increase during the Rugby World Cup.

“With so many tourists expected to visit New Zealand, international fraudsters may take the opportunity to target New Zealand for PABX hacking during this time,” he says.

Mr Stone says that leaving your PABX unsecured is like leaving your PIN numbers or bank account details and access codes pinned to your front door.

“Security of your PABX is easily as important as the security of your PC; it’s relatively easy to defraud you of thousands of dollars if you haven’t made your system secure.”
What is PABX fraud?

PABX fraud happens when someone hacks into an unsecured voicemail system (or similar) that allows incoming callers to dial extensions directly. The hackers then redirect internal DDI calls to an external international number.

Who is at risk?
Anyone with a PABX system is at risk from hacking. It makes no difference whether the system is linked to the PSTN or is an IP system. One recent case involved an individual who had downloaded a free software-based VoIP PABX and installed it on their home computer.

How to guard against PABX hacking
1. CHOOSE A STRONG PASSWORD: Voicemail and Direct Inward Systems Access (DISA) passwords should be changed on a regular basis, avoiding factory defaults and obvious combinations such as 1234 or the extension number.

2. CHANGE IT: Make sure all security features – passwords, PINS etc – are changed following installation, upgrade and fault/maintenance. Don’t forget to reset password defaults.

3. KEEP IT CONFIDENTIAL: Keep all internal information such as directories, call logging reports and audit logs confidential. Destroy them appropriately if no longer required.

4. REVIEW REGULARLY: Review system security and configuration settings regularly. Follow up any vulnerabilities or irregularities.

5. VENDOR TERMS AND CONDITIONS: Make sure you have the right terms and conditions reflected in your contracts with your PABX, VoIP and/or voicemail maintainer in order to keep your system regularly maintained and serviced to stay safe.

For more tips on preventing PABX hacking on your system visit: http://www.tcf.org.nz/PABXfraud 
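
An added example, not part of the original posts or of the TIG/TCF releases: a Python audit of exported voicemail/DISA PINs against the weak choices that item 1 of both quoted releases warns about (factory defaults, obvious combinations such as 1234, the extension number). The default list, the minimum length, the plain-text export and the sample mailboxes are assumptions constructed for illustration.

```python
"""Audit voicemail/DISA PINs for the weak patterns named in the advice.

Added example: FACTORY_DEFAULTS, MIN_LENGTH and SAMPLE are constructed.
"""

# Assumed defaults for illustration; use your PABX vendor's documented list.
FACTORY_DEFAULTS = {"0000", "1111", "1234", "9999"}
MIN_LENGTH = 6  # assumed local policy, not a figure from the releases


def is_sequence(pin: str) -> bool:
    """True for runs such as 1234, 4567 or 9876 (every step +1 or -1)."""
    if len(pin) < 3:
        return False
    steps = {int(b) - int(a) for a, b in zip(pin, pin[1:])}
    return steps in ({1}, {-1})


def audit_pin(extension: str, pin: str) -> list[str]:
    """Return the reasons a PIN is weak; an empty list means no finding."""
    if not (pin.isascii() and pin.isdigit()):
        return ["not numeric"]
    reasons = []
    if pin in FACTORY_DEFAULTS:
        reasons.append("factory default")
    # Catches the extension itself, repeated, padded or reversed.
    if extension and (extension in pin or extension[::-1] in pin):
        reasons.append("derived from extension")
    if len(set(pin)) == 1:
        reasons.append("repeated digit")
    if is_sequence(pin):
        reasons.append("sequential digits")
    if len(pin) < MIN_LENGTH:
        reasons.append("shorter than policy minimum")
    return reasons


def audit_mailboxes(mailboxes: dict[str, str]) -> dict[str, list[str]]:
    """Map each extension that has a weak PIN to its findings."""
    report = {ext: audit_pin(ext, pin) for ext, pin in mailboxes.items()}
    return {ext: why for ext, why in report.items() if why}


# Constructed sample export: extension -> PIN
SAMPLE = {"201": "1234", "202": "202202", "203": "7777", "204": "580316"}

if __name__ == "__main__":
    for ext, why in audit_mailboxes(SAMPLE).items():
        print(ext, ", ".join(why))
```

Running the audit after installation, upgrade and maintenance visits lines up with item 2 of the same list, since those are the points at which defaults tend to reappear.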
 




Reply # 520867 14-Sep-2011 11:21

Saw this yesterday as well. Probably a good time to repost my thoughts around this as well, since we saw a hack attempt as well today.

http://www.geekzone.co.nz/forums.asp?forumid=43&topicid=60027




Reply # 520916 14-Sep-2011 12:45

maverick: S... since we saw a hack attempt as well today,


To the WxC core? That's what happens when you and your boys run torrents internally Tongue out 




Reply # 520919 14-Sep-2011 12:51

johnr: Its not a telco issue any warning is good will



Exactly. It's like the people who setup wifi access for everyone without a password. 




Digital Recruitment Consultant - UXD, Service Design, Front-end dev & pretty much anything creative in the digital space. Follow me on Twitter

Reply # 520935 14-Sep-2011 13:10

SteveON: Exactly. It's like the people who setup wifi access for everyone without a password. 


ISPs didn't help, especially for the less tech-savvy, by shipping wireless routers that were wide open.

Now all of them ship with them locked down and the password is often the mac address of the router.  This has helped reduce this issue.




Reply # 520945 14-Sep-2011 13:21

Password of the mac address? How is that going to help? I also recall that the thompsons had an issue where their default password method was reverse engineered at some point.




Richard rich.ms

Reply # 520982 14-Sep-2011 14:44

nate:
SteveON: Exactly. It's like the people who setup wifi access for everyone without a password. 


ISPs didn't help, especially for the less tech-savvy, by shipping wireless routers that were wide open.

Now all of them ship with them locked down and the password is often the mac address of the router.  This has helped reduce this issue.


The MAC address is a waste of time since this is viewable from a WiFi scan and the wireless and LAN MAC addresses typically only have a single character different.

 
