School Hacked and Made International Calls 3

[DawsIsHere]

So I came into the office today with a pressing phone call from one of the high schools that we manage their IPO for. They had gotten hacked and were making international calls to Serbia, thankfully the provider caught this and stopped it before it got too out of hand. (they're also not charging the high school which is neat) We've since blocked international dialing on both the provider side and the IPO side of the house. But I'm curious on how this was done.. I was thinking they got in somehow through voice mail? Or TSPI since it was left (by default) on an unsecured port. Any ideas? I just want to know to prevent it from happening again/to other customers that have international dialing.

Thanks guys!

Anything That Can Go Wrong, Will Go Wrong-De Morgan

 

[DawsIsHere]

I ended up looking at an article the FCC put out about people getting in through voicemail by having an easy or no password set. We have since fixed this issue but the hackers are using spoofed numbers to bombard our customers Voice Mail boxes. The providers are blaming our system for the calls coming in but we can only stop international outbound calls... not inbound.. we also can't block all of these spoofed numbers because some of them (yes I even googled the numbers to make sure they're real numbers) real numbers. The provider is also blaming us which isn't very nice but they're still letting these calls go through. We even had to specifically block international numbers for one customers. There's 3 customers who all report the same issue.. they also never agreed or wanted international calling enabled on their service.. thoughts..?

Anything That Can Go Wrong, Will Go Wrong-De Morgan

 

[Westi]

you can stop international incoming calls if they start with the same codes
if they come in from 01144xxxxx (those English hackers ) then you can put a * into the incoming number and into the CLI you put only 01144 and then point it to a barred shortcode.
That way they should not be able to call you any more from England.

If you want to block all international incoming calls just put in 011



Joe
FHandw, ACSS, ACIS

If you give more information you will get better answers. If you only give bits and pieces then you will get the same back and maybe not fitting your problem.

 

[DawsIsHere]

Yes, we did do that with the wildcard blocking. The issue is, they're using spoofed local numbers to call in and attempt to access the voicemail.

Anything That Can Go Wrong, Will Go Wrong-De Morgan

 

[Westi]

then there is no hope I am afraid.
But mailboxes without a password should not be able to get accessed from outside the system so a decent password is a must. Make all of them 5 digits
hackers usually try 4 and maybe 6 but 5 is a really odd number of digits

Joe
FHandw, ACSS, ACIS

If you give more information you will get better answers. If you only give bits and pieces then you will get the same back and maybe not fitting your problem.

 

[DawsIsHere]

We did that boss, we should be all good to go. I really appreciate the feedback and I sure hope this helps other Avaya IPO Managers prevent this type of attack (still going to blame the providers because international calling should've been disabled on their end)

Anything That Can Go Wrong, Will Go Wrong-De Morgan