toll fraud 2

Status
Not open for further replies.

Mitelpassion (IS-IT--Management, May 2, 2005, ZA)
hi there,

I have some questions on toll fraud.
How can one commit TF on a Mitel system, specifically using RAD and Voicemail? (and others)

Voicemail has transfer to any digits set to false.
VM trunk to trunk transfer is yes and is unbarred.
Now I know this sounds weird, as I'm probably answering my own question, but not really.

By dialling the system and hitting voicemail and/or AA (RAD or Voicemail), how are you able to insert digits so you are able to dial where you want to?

I've tried and I can't get the system to do anything. There is the option 2 in voicemail for mobile numbers, so I'm aware of that, but other than that?

thanks
 
The only way I am aware of was the Class of Restriction allowing external numbers, and on the old Interalia RAD units, the incoming caller would dial '9' whilst in the queue and break out. This was usually stopped by setting COS "Public Trunk to Public Trunk" to 'No', and setting an internal-only COR on the RAD ports, or the VMail ports if it is embedded VMail.
There have been some recent examples of access via the Admin mailbox, setting the Extension field as a premium rate number; when the voicemail box was dialled from external, it connected the caller to a premium rate number, obviously charged to the company being called. This was fixed by changing the Admin mailbox passcode and the steps mentioned above. I never did get to the bottom of how they managed it; someone on the inside, methinks?
 
For obvious reasons, I will not explain exactly how to abuse the Mitel for toll fraud.

I do want to stress, however, that you should avoid allowing external callers to dial RAD ports directly, or having internal phones forwarded to RAD ports!! At least on 3300 v8, callers that end up on RAD ports can commit toll fraud.
 
Like you Mr. Passion, I too could not reproduce the problem.
And then my lightbulb went on...
I don't want to say what it was either but found it on my system and proved it on a hacked customer.
Not nice...
Maybe pm me???

Dave

You can't believe anything you read... unless of course it's this.
 
Which release of software are you running?

********************************************************************************

Eighty percent of success is showing up
 
This seems to be a big issue at the moment; we have had several customers affected.
As in previous posts I cannot divulge the methodology behind the hack, but it involves access to mailbox 9999. This has 3 passwords associated with it: Technician, Manager and Admin. All 3 MUST be changed from the default value to stop hackers. We have had instances where the hacker has activated the "erase current configuration and begin a new installation" option, bless 'em.
 
I've always wondered how many of the hackers we're paying via welfare to sit around thinking of ways to get me more overtime fixing these things.

NO GOOD DEED GOES UNPUNISHED!
 
I don't know if it is my lack of imagination or the fact that I restrict everything by default that is preventing me from understanding this issue.

My RAD ports are always restricted from outcalling.
My Voicemail ports are always restricted to local only.
My Trunks are always restricted to local only.

For those that have figured this out, can you tell me if I have anything to worry about? I think not, but...

*******************************************************
Occam's Razor - All things being equal, the simplest solution is the right one.
 
Very often it is not possible to maintain a secure configuration such as trunk restriction, etc. Users ask for all sorts of crazy things just because it looks cool, and bosses force the tech guys to get it working whatever it takes.
 
Slapin: Yes I agree that changes are sometimes necessary, but at least when you have to make those changes, it opens the door for the discussion about toll fraud.

It's one thing for the customer to decide to expose their system.

It's quite another for it to be exposed accidentally or by default.

My design even restricts COR1 and COS1 (default values). Any phone created needs to be modified to be able to dial anything but 911. This takes care of all the scenarios I can think of.

*******************************************************
Occam's Razor - All things being equal, the simplest solution is the right one.
 
Very much a debate, this.

Firstly, how do I get the info around how exactly it's being hacked? PM? Every time I post my email on here in the form of namedotwhateveratdomaindotcom my post gets removed.

Secondly, in my instance the customer uses the "dial 2 to get to mobile number" option. There are multiple controllers on this site, so public to public for trunks needs to be on. Voicemail resides on separate controllers, and so does ISDN. Barring VM ports is an issue because they have to dial mobile phones.

Thirdly, how on earth does a RAD allow a call to be made externally? I've tried and could never get dial tone or get the RAD to dial anywhere. No interflow dialing lists whatsoever.

Using release 8. I am aware of the RAD security improvements on release 9, but I need to know how they are doing this.

I have found, though, that a mailbox was configured with an international number as a mobile number. So someone hitting this particular mailbox dials 2 and voila, an international destination. (Inside job.)

thanks for the replies
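
The pattern described in this thread (an external caller lands on a voicemail or RAD port and is bridged out to an international or premium-rate number, often out of hours) is exactly what call-detail records expose after the fact. The following is an added example, not code from this thread or from Mitel: a small analyser over a constructed, simplified CSV call log (timestamp, originating port, dialled digits, duration). The record layout, the port names, the trunk access code "9" and the high-risk prefix table are all assumptions and do not reflect the real SMDR format.

```python
"""Flag voicemail/RAD-originated external calls in call-detail records.

Added example with constructed data. The CSV layout below is a hypothetical
simplification (timestamp, originating port, dialled digits, duration in
seconds); the port names and prefix table are assumptions.
"""
import csv
import io
from datetime import datetime

# Hypothetical port labels for embedded voicemail and RAD ports.
VM_RAD_PORTS = {"VM01", "VM02", "RAD1", "RAD2"}

# Assumed trunk access code; digits after it are the external number.
ACCESS_CODE = "9"

# Prefixes (after the access code) that should never be dialled from a
# voicemail or RAD port: international (00/011), premium (1900), carrier
# select (1010xxx). Assumed dial plan.
HIGH_RISK_PREFIXES = ("00", "011", "1900", "1010")

BUSINESS_HOURS = range(7, 19)  # 07:00 to 18:59 local time

# Constructed sample records, not real traffic.
SAMPLE_RECORDS = """\
2009-03-02 09:15:01,2001,9555123456,120
2009-03-02 10:02:44,VM01,2001,35
2009-03-02 10:05:12,VM01,90027123456789,640
2009-03-02 02:11:03,RAD1,919005551234,900
2009-03-02 14:30:00,2002,90044207123456,50
"""


def external_digits(dialled):
    """Return the digits after the trunk access code, or None if internal."""
    if dialled.startswith(ACCESS_CODE):
        return dialled[len(ACCESS_CODE):]
    return None


def is_high_risk(dialled):
    ext = external_digits(dialled)
    return ext is not None and ext.startswith(HIGH_RISK_PREFIXES)


def analyse(records_text):
    """Return a list of findings, one per suspicious record, in log order."""
    findings = []
    for row in csv.reader(io.StringIO(records_text)):
        ts_text, port, dialled, duration = row
        ts = datetime.strptime(ts_text, "%Y-%m-%d %H:%M:%S")
        reasons = []
        external = external_digits(dialled) is not None
        if port in VM_RAD_PORTS and external:
            reasons.append("external call from voicemail/RAD port")
        if is_high_risk(dialled):
            reasons.append("high-risk destination prefix")
        if external and ts.hour not in BUSINESS_HOURS:
            reasons.append("out of hours")
        if reasons:
            findings.append({
                "time": ts_text,
                "port": port,
                "dialled": dialled,
                "duration": int(duration),
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_RECORDS):
        print(f["time"], f["port"], f["dialled"], f["duration"], "; ".join(f["reasons"]))
```

On the constructed sample this flags the voicemail port bridging to an international number, the RAD port calling a premium-rate number at 02:11, and an ordinary extension dialling internationally; the first two are the toll-fraud pattern the thread is about, the third is only worth a look if that extension's COR should not permit it.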
 
The Following Documents are easily accessible on the internet using search terms Mitel Toll Fraud Rad Voicemail.

They are about prevention so I have no misgivings about posting links here.



MitelPassion:The solution to your international dialing by an inside user is to require users to use System Speedcalls (with override toll control enabled) if their mobile numbers are outside of the local dialing area. This allows the voicemail to be restricted to local dialing only. If the inside user is the System administrator, there is no solution.



*******************************************************
Occam's Razor - All things being equal, the simplest solution is the right one.
 
Saw the thread so I had to join to jump in on this one.
Here's how to lock down an SX2000 or 3300 from dialing out.

Trunks:
- be sure COR of trunks are restricted from dialing out
- set the trunks with an interconnect restriction that blocks trunk to trunk connections.
- set the maximum digits dialed for the COR of the trunks to be the number of your extension digits.
- set the COS of the trunks to disable "Public network to Public Network connections"

ARS:
- Remove/block 9+00 and 9+0.
- remove/block 9-1900 calls
- remove/block 9+1010xxx calls.
- Program regions for dialing access. Restrict phones only to the regions necessary to do business.
-- local calls, toll free calls
-- intralata call,
-- intrastate calls,
-- interstate calls,
-- international calls/900 call

Voice Mail
- Change all admin passwords
- remove all unused voice mail boxes.
- restrict ports via COR from outbound dialing
- Restrict ports via COS from "public network to public network connections"
- Set the maximum digits dialed to the number of digits of your extensions.

Class of Restriction:
- for phones - disable "External Call forwarding"
- Restrict regions allowed to be dialed via COR.

Carrier/Phone company:
- Restrict 3rd party billing
- Restrict international dialing
- Restrict operator assisted calling

Other:
Set up PBX so that all defaults are blocked from outside access.

I'm sure there's more, but this will get you started.

UncleRalph
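
The checklist above is a dial-plan policy: blocked prefixes, a maximum dialled length per class of restriction, and a set of permitted regions per COR. The following is an added example, not part of UncleRalph's post and not Mitel ARS syntax (which is programmed through the PBX forms): a Python model of that policy so the rules can be tested against candidate dial strings before they go on a live system. The COR names, the trunk access code "9", the North American number layout, the area-code tables and the region patterns are all assumptions.

```python
"""Dial-plan policy model of the ARS/COR lockdown checklist.

Added example with hypothetical values: COR names, access code, NANP
region patterns and area-code tables are assumptions for illustration.
"""
import re

ACCESS_CODE = "9"

# Prefixes (after the access code) blocked for every COR, per the list:
# 9+00 and 9+0 (operator / international), 9-1900 (premium), 9+1010xxx
# (carrier select). "0" also covers 00 and 011.
BLOCKED_PREFIXES = ("00", "0", "1900", "1010")

# Assumed area codes for the region classification.
LOCAL_AREA_CODES = {"613", "819"}
INTRASTATE_AREA_CODES = {"416", "905", "519"}

# Region patterns tried in order; hypothetical NANP layout.
REGION_RULES = [
    ("toll_free", re.compile(r"^1?8(00|33|44|55|66|77|88)\d{7}$")),
    ("premium", re.compile(r"^1?900\d{7}$")),
    ("international", re.compile(r"^011\d{7,15}$")),
]

# Regions each COR may reach. Trunks, RAD ports and the default COR get
# nothing; voicemail ports get local only (so mobile numbers outside the
# local area go through system speed calls instead).
COR_REGIONS = {
    "cor_default": set(),
    "cor_trunks": set(),
    "cor_rad_ports": set(),
    "cor_vm_ports": {"local"},
    "cor_sales": {"local", "toll_free", "intrastate", "interstate"},
}

# Maximum dialled digits for CORs that must only reach extensions.
EXTENSION_LENGTH = 4
MAX_DIGITS = {"cor_trunks": EXTENSION_LENGTH, "cor_rad_ports": EXTENSION_LENGTH}

EMERGENCY = {"911"}


def classify(ext_digits):
    """Classify an external number (digits after the access code) by region."""
    for name, pattern in REGION_RULES:
        if pattern.match(ext_digits):
            return name
    m = re.match(r"^1?(\d{3})\d{7}$", ext_digits)
    if m:
        area_code = m.group(1)
        if area_code in LOCAL_AREA_CODES:
            return "local"
        if area_code in INTRASTATE_AREA_CODES:
            return "intrastate"
        return "interstate"
    if re.match(r"^\d{7}$", ext_digits):
        return "local"
    return "unknown"


def evaluate(cor, dialled):
    """Return (decision, reason) for a dial string from a device in `cor`."""
    if dialled in EMERGENCY:
        return ("allow", "emergency")
    if cor in MAX_DIGITS and len(dialled) > MAX_DIGITS[cor]:
        return ("deny", "exceeds maximum digits for COR")
    if not dialled.startswith(ACCESS_CODE):
        return ("allow", "internal extension")
    ext = dialled[len(ACCESS_CODE):]
    if ext.startswith(BLOCKED_PREFIXES):
        return ("deny", "blocked prefix")
    region = classify(ext)
    if region in COR_REGIONS.get(cor, set()):
        return ("allow", region)
    return ("deny", "region %s not permitted for %s" % (region, cor))


if __name__ == "__main__":
    for cor, number in [
        ("cor_rad_ports", "96135551234"),
        ("cor_vm_ports", "96135551234"),
        ("cor_vm_ports", "92125551234"),
        ("cor_sales", "90114420712345"),
        ("cor_sales", "919005551234"),
        ("cor_default", "911"),
    ]:
        print(cor, number, evaluate(cor, number))
```

Note the order of checks: the maximum-digit rule stops a RAD or trunk port before any prefix analysis, which is why it is the cheapest control on the list; the blocked-prefix rule catches 0, 00, 011, 1900 and 1010 regardless of COR; only then does the region table decide. Unknown CORs fall through to an empty region set and are denied, matching the "defaults blocked" advice.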

 
kwbmitel,

I concur with the speed call; I've suggested this to the customer, but they are not sure if they even want the feature anymore. Can't blame them, because the phone account was through the roof.

I'll check out the links thanks.
 