PBX Hacking/WarDialling

[bazzieb]

Hi There

I have recently been on the receiving end of a "PBX Hack" which has cost the organization I work for a great deal of money. We have a CS1000 7.6 and CallPilot 5.1.

I have tested the dial through feature on CallPilot and I was able to dial through but this feature has since been disabled but the hacking still happened.

Does anyone know of what and where to check to be able to stop this from happening or just try to find out hoow they managed to do this.

Kind Regards

 

[KCFLHRC]

First of all I would make sure the voicemail ports are locked down with a TGAR and NCOS to block outgoing calls. Also look in the RPL in Call Pilot. I would also change all of your passwords in the PBX and Call Pilot.

 

[Firebird Scrambler]

Have you got any SIP trunks as it's becoming an area where hackers are finding ways to commit fraud.

Usually it was DISA in days gone by and now the weak areas tend to be via voicemail.

As advised above, force all mailbox users to reset their passcodes and delete any that aren't being used anymore.

Make sure that all your ACD agents for the Call Pilot have CLS = TLD and the NCOS to be the most restriction available. The TGAR needs to match your outgoing routes that generally have a TARG of 1 to prevent anyone from dialling ACOD's.

Go into Application builder and check your menu's in case one of them is routing out of the phone system.

It might be wise to disable the Call Pilot for a while to see if that is where the fraud is happening.




Firebird Scrambler
Nortel Meridian 1 / Succession and BCM / Norstar Programmer in the UK
Advance knowledge on BCM support

http://www.linkedin.com/in/davidbromley