
Hacked

Dec 9, 2001
Hello,
A customer called us and informed us that they have been hacked into. They have a MICS with a T1 and DID's, not sure of the software version. Also have a NAM, also not sure of the software version on it. They got clipped for a $14,000.00 bill for calls to the Philippines. Are the two ways to hack a system thru DISA and out thru somebody's mailbox? I have read threads about this on the site but the search feature isn't working right now, getting some work done to it.
Dmac,
 
Well, we also got hacked through our system. They came in thru the voicemail and accessed a line. I don't know exactly how they did this, but the mailbox did not have a phone number to call nor was anything else programmed as far as remote access.

What we ended up doing is turning night restrictions on and locking up the lines from dialing anything but 911.

Nam555
 
This seems to be happening more frequently, I had a customer report the same thing to me about a month ago. It was strange, just before it happened, I had just enabled the external call forwarding for 2 extensions about 3 days prior to this happening. The phone company called the customer to report it to them because it was unusual. We disabled the external call forwarding and haven't heard of any problems since. I'd say it's a good idea to disable external call forwarding and off premise notification at this time. By the way, my customer too, has an MICS w/ T1/DID's and a NAM both 4.0, however I don't think the software versions make a difference.

Louie Roldan
 
Thanks for all the suggestions, we'll see how the customer wants to approach this.
Dmac,
 
When I have seen this, usually the hack goes thru the general Mbox where outdial is allowed. The hackers seem to be dialing into the system as an "end user" and accessing an unsecure box (like Gen Mbox which usually has 1234 or other simple p-word). Once in the box, they set the outdial to a "10 10" type carrier code. Then call back to that box, press 7 and get "handed" LD dialtone. What I do is, connect dot matrix printer to NAM and run Mbox info report; this shows who has outdial and what it's set to. Solution is better password protocol and take away outdial from all users who do not have a NEED for it. Of course, when you enable it, advise customer of potential for hacking. I used to set outdial to pool on every box on every install, now I don't.
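
The mailbox audit described in the post above, sketched as an added example that is not part of the original thread or any poster's own tooling. It assumes the printed mailbox report has been transcribed by hand into CSV; the column names, sample rows and function names are hypothetical.

```python
import csv
import io

# Constructed sample: mailbox inventory transcribed from the printed
# mailbox report into CSV. Column names and values are assumptions.
SAMPLE = """mailbox,owner,outdial,outdial_digits,needs_outdial
10,General Delivery,pool,10 10 000,no
221,Reception,none,,no
225,Sales manager,line,,yes
230,Warehouse,pool,,no
"""

def normalize(digits):
    """Strip spaces and dashes so '10 10 ...' and '1010...' compare equal."""
    return "".join(ch for ch in digits if ch.isdigit())

def audit(csv_text):
    """Return {mailbox: [findings]} for mailboxes that need attention."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        issues = []
        outdial = row["outdial"].strip().lower()
        if outdial not in ("", "none"):
            # Outdial should exist only where someone has a need for it.
            if row["needs_outdial"].strip().lower() != "yes":
                issues.append("outdial enabled without a stated need")
            # An outdial target set to a carrier code is the sign of tampering.
            if normalize(row["outdial_digits"]).startswith("1010"):
                issues.append("outdial set to a 10-10 carrier code")
        if issues:
            findings[row["mailbox"].strip()] = issues
    return findings

def weak_password(password, mailbox):
    """True if short, non-numeric, the mailbox number, one digit, or a run."""
    if len(password) < 4 or not password.isdigit() or password == mailbox:
        return True
    if len(set(password)) == 1:
        return True
    steps = {int(b) - int(a) for a, b in zip(password, password[1:])}
    return steps in ({1}, {-1})  # ascending or descending run such as 1234

if __name__ == "__main__":
    for mailbox, issues in audit(SAMPLE).items():
        print(mailbox, "; ".join(issues))
```

`weak_password` is meant for checking a proposed password when a mailbox is reset, since the report itself lists outdial settings, not passwords.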
 
Do a google on hacking Nortel Voicemails and you'll find a plethora of options to hack into these things!!!! I'm with gutwrench on this...the most common hacks are thru the Gen delivery.
 
Amazing, as I was reading gutwrench's post I was thinking that maybe he (or she?) shouldn't have posted how the hack is done, it's good info for us installers to know but not everyone here is an installer. Then I read NorstarWiz's comments and I can't believe you could find that kind of stuff on the net, actually I can believe it, people use it for the wrong reasons all the time.

Louie Roldan
 