Someone hacking clients MICS. $11k phone bill!!! 1

[DOcean]

Received a call from a client who has an MICS w/T1 (perhaps PRI...not sure yet). They received an $11k telephone bill for calls to the Phillipines placed after normal business hours (e.g 3am). There is no-one present at the location after hours.

How is this being hacked and how do I stop it??? (Not too concerned about how it's being hacked, but I'm very concerned about how to stop it).

Thank you,

D. Ocean
VIP Video & Communications
Miami, FLA

 

[curlycord]

I would setup SMDR call reporting to find out what ext made the calls.....could be somebody forwards their ext or mailbox to the long distance number.

Turn off Redirect in Capabilities at suspicious sets in plants or hallways or everyone.

Make sure mail boxes do not have call foward on also.

Do you have DISA setup?

I am sure i am missing something else but thats a start.

We are not permitted to tell you how to hack in these forums but only to assist in preventing.

It could be that the system is not even hacked but instead the carrier has the problem.

 

[DOcean]

We are not permitted to tell you how to hack in these forums but only to assist in preventing.

No problem. This has got to be an "inside job". I can't possibly imagine how someone outside the location could change the settings necessary to pull this off. Location is a large shipping/receiving warehouse with many, many people coming and going, but not the kind of people one would think could program a Nortel system.

This is a new client whom I will be visiting for the first time tomorrow, so I do not have all the details yet as to DISA, Mailboxes, Re-direct, etc. I've never encountered anything like this and need some direction as to where to start.

Thanks again,

D. Ocean
VIP Video & Communications
Miami, FLA

 

[bkrike]

Check these threads:
thread799-874032
thread799-861341
thread799-791449

 

[DOcean]

Thanks all for the responses.

I didn't think of doing a forum search where there are many good posts on the subject. As I'm still a "greenhorn", I wrongfully assumed this problem was something new.

D. Ocean
VIP Video & Communications
Miami, FLA

 

[hawks]

Normally it is done through the voice mail system. One thing you can do is build restriction tables and assign them to the vmail ports. Another is to talk to your carrier and if you do not use pick codes when dialing LD then tell the carrier not to accept them. If you do not dial international then let them know that also. I got hit myself about 5 years ago $40k in 1 weekend.

 

[elbergeron]

TOLL RESTRICT! We toll restrict all voice mail system ports on EVERY system we install and advise the customer to change the security codes on all boxes regularily. It is a trade off of security vs the few long distance message notification numbers that might be requested.

 

[rhowlett]

I would change all default system passwords. 266344, etc. to something else. Change the F983 password to something other than 0000, 1111 or 1234.

 

[NorstarWiz]

The problem with the hacking is posted all over the internet which is why so many are getting hacked. We have a company of lawyers that we did an install for. They got hacked and have reported it to the FBI. Waiting to find out more on that 1.

 

[hawks]

Keep us posted norstarwiz

 

[jeter]

if call notification is not needed I would setup a COS blocking outbound calls after hours.

“Reserve your right to think, for even to think wrongly is better than not to think at all”

Fisher CCNP,CCNA Network+

 

[hawks]

Telecoms fraud costs $55 billion a year (headline 2001)
Filipino phone phreakers foiled (headline 7/2004)

As you can see it is still a big issue just type in PHEAKERS in a search engine and you'll get somewhere around 10,000 hits. This is why you should always look at your call records especially before any holiday shut down. Because according to MCI & AT&T if the hackers do break your system then they usally test a few calls a day or so before they go and sell the codes.

 

[hawks]

Telecoms fraud costs $55 billion a year (headline 2001)
Filipino phone phreakers foiled (headline 7/2004)

As you can see it is still a big issue just type in PHEAKERS in a search engine and you'll get somewhere around 10,000 hits. This is why you should always look at your call records especially before any holiday shut down. Because according to MCI & AT&T if the hackers do break your system then they usually test a few calls a day or so before they go and sell the codes.