Is Your Communications Platform at Risk?

Whether it’s a basic telephone system, an IP PBX system, a hosted platform or a multi-site corporate voice network, you cannot afford to leave the system unsecured.

Increasingly, hackers are gaining access to corporate phone systems, allowing them to place long distance and international calls through major telecom networks on all carriage options. The fraudsters are not bothered if you don’t use SIP; they are happy to use ISDN and PSTN services to get what they want.

The phone line account holder is responsible for all phone charges. In most cases the owner of the phone system isn’t aware it’s happening until a large, unexpected bill from their phone provider arrives. Your organisation could be a victim of this type of fraud and, in many cases, would not be able to pay the account on the carrier’s terms.

The bottom line – what can happen?

These cyber criminals can hack your PBX phone system, and it doesn’t matter if you are connected in a datacentre or behind a firewall. Whether they attack by remote access through the web or by a dial-in phone line, you must address this threat.

  • Company A – An IT services company with many phone lines, a firewall and a router was hacked via a SIP attack. After many attempts, access was gained via a CTI (Computer Telephony Integration) connection. This allowed control of extensions, and calls were made to a value of over $50,000 in a single weekend. The carrier did not shut down the service although the traffic was completely out of character.
  • Company B – An electronics organisation was hacked via a call centre package even though the PBX was locked down. The “agent” client allowed dial-outs. Over that weekend the account with the carrier increased in excess of $6,000. The carrier again did not detect the anomaly and failed to shut the service down.
  • Company C – A legal firm left the PBX accessible on the public IP address via NAT. The system was compromised and extensions were call forwarded to overseas toll numbers. Multiple calls were made, producing a bill of over $15,000 in a weekend. Again the large carrier failed to detect the change in call patterns.
  • Company D – A legal firm had a video conferencing unit connected to the PBX system to allow incoming voice callers to access the video unit. The video conference unit was accessed and used to dial out externally. It was more time consuming for the hackers, but an account increase of $4000 was still made.
  • Company E – An accounting firm had its voicemail system accessed and reprogrammed by DTMF access, and had extensions forwarded externally to overseas toll numbers. They only found out about it after 3 weekends, when the bill arrived. The carrier had not contacted them at all until the accounts department called to query the calls.
  • Company F – A small business owner had an IP phone publicly connected to the hosted platform. The credentials were hacked in the wireless router, and a softphone was connected to the platform and made $700 worth of calls before the carrier shut the service down.

Please ensure you understand that the carrier will ask for payment of these accounts. Your business is responsible for these services. My advice is also to ask the carriers, before this happens, what their protection policy is for hacking. We have seen these criminals try to hack our own systems, and they will send an attack each second with a random new access request. They are very skilled and they are relentless in their goal to steal your money.

Are you willing to risk thousands of dollars on unauthorised calls and just say it won’t happen to me?

How do they hack the system?

Most PBXs are software driven and accessible via computer interfaces, which allows the hackers to control the system remotely. The hackers do this by attacking the system remotely until they break in. They look for any cracks in the security and then take control. They can change basically any part of your telephony system’s call routing and dialling patterns, and disable toll restriction. In some instances they add IP extensions and dial from their own phones on your system.

An example of how they attack you would be to access ports left open on your network. These may be PBX maintenance ports, SIP ports or remote access ports, and the hackers query the devices. Some answer back with the device type and software version. This makes it easier for the hacker to then take the hack to the next level. They also connect via your telephone lines and attempt to reprogram voicemail forwarding functions and then forward an extension to their target number. They dial as many times as they can to increase the toll fraud.

CTI (Computer Telephony Integration) is one of the latest ways of controlling your system. The cyber criminals will connect to your platform with a CTI interface. This will allow them to control the phones on your system remotely and dial at will. A colleague was alerted to being hacked when a phone on the desk next to him came alive and started to dial an international number. He hung it up and a few seconds later it did the same. After he disconnected the system completely from the network, it turned out he had been hacked via a CTI interface. The same week another colleague was hit with $70,000 worth of toll fraud, all done via the CTI interface. They are in the process of implementing a Session Border Controller by Avaya.

Video conferencing platforms are also hacked via the HTML interface, and once they are connected to a PBX via SIP they dial out on the extension. This is the new way of accessing the telephony platform. You may lock the PBX down, but the video conference unit is normally authorised to dial out. Video units can be a huge hole in your security.

What can I do to protect my Telephony Platform?

Security is paramount, and it’s becoming more difficult as more Unified Communications are implemented. Remote applications connect back to the platform and offer presence, chat, instant messaging, VoIP SIP clients, remote IP phones and softphones, video conference clients and other SIP accessibility. A commercial-grade firewall would protect your network and platform, but it leaves ports open so the devices can access your communications system. This small crack in your front door is all the hackers require to access your system by emulating the remote devices you have connected. As security increases to protect your communications network, the cyber crime experts are responding with new ways in.

A Session Border Controller (SBC) can be seen as a “voice firewall”; this device can protect your platform and authenticate your Unified Communications users specifically. The SBC would sit in front of the PBX platform, authenticate the public SIP and UC users, and connect them to your platform only once specifically approved.

Some other basic recommendations for protecting your platform internally would be:

  • Change the system password from the default and ensure it’s not a simple, predictable password.
  • Change all extension passwords immediately from 0000 or 1234 or the extension number. Change to a password that’s not predictable.
  • Change voicemail passwords if applicable.
  • If an extension or auto attendant dials externally, ensure that the device it’s diverted to cannot be hacked. Again, change the passwords. This may be a mobile device.
  • Close the remote access ports for the phone system’s IP extensions to the outside world until you are protected. Ensure the CTI ports, SIP ports etc. are closed.
  • Do not have your PBX accessible from your public IP address. This is like closing the front door but putting a small padlock on it. It’s easily broken.
  • Put international call barring on your system outside of working hours. If you want to deter it during business hours, put a small dial code in place to allow international calls. This would mean that if your system is hacked the calls will fail. The hackers would then have to work out your international pre-dialling codes.
  • Put alarms on the call logging software packages to alert you immediately when calls are made to international numbers.
  • Send a letter to your carrier indicating the regions you dial and the times and days of the week you dial these numbers. This will help them shut access down if something out of the ordinary takes place.
  • Make sure your carrier has a process in place to alert themselves as well as you to calls that may be unauthorised. If they don’t have this functionality, question why you are using this carrier. There are carriers that have these measures in place.
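
The call-logging alarm and out-of-hours international barring recommended above can be prototyped against exported call records. The following is an added example, not from the original article or any PBX vendor; the CSV layout, the "0011" international prefix, the working-hours window and the burst threshold are all assumptions to adapt to your own dial plan.

```python
import csv
import io
from collections import Counter
from datetime import datetime

# Assumed values for this sketch (not from the article); adjust per site.
INTL_PREFIXES = ("0011",)   # international access code(s) in your dial plan
WORK_DAYS = range(0, 5)     # Monday..Friday
WORK_HOURS = range(8, 18)   # 08:00-17:59
BURST_LIMIT = 3             # international calls per extension per clock hour

# Constructed sample call records (no real numbers or extensions).
SAMPLE_CDR = """\
start,extension,dialled,duration
2024-03-08 10:15:00,201,0298765432,120
2024-03-08 11:02:00,203,0011 999 555 0100,300
2024-03-09 02:10:00,214,0011 999 555 0101,45
2024-03-09 02:11:00,214,0011 999 555 0102,50
2024-03-09 02:12:00,214,0011 999 555 0103,48
2024-03-09 02:13:00,214,0011 999 555 0104,51
"""

def is_international(dialled):
    return dialled.replace(" ", "").startswith(INTL_PREFIXES)

def in_working_hours(ts):
    return ts.weekday() in WORK_DAYS and ts.hour in WORK_HOURS

def find_alerts(cdr_text):
    """Return (reason, extension, start) tuples for suspicious calls."""
    alerts = []
    per_hour = Counter()  # (extension, date, hour) -> international call count
    for row in csv.DictReader(io.StringIO(cdr_text)):
        if not is_international(row["dialled"]):
            continue
        ts = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
        # Rule 1: any international call outside working hours.
        if not in_working_hours(ts):
            alerts.append(("after-hours-international", row["extension"], row["start"]))
        # Rule 2: one extension exceeding the hourly international limit,
        # which also catches fraud placed during business hours.
        key = (row["extension"], ts.date(), ts.hour)
        per_hour[key] += 1
        if per_hour[key] == BURST_LIMIT + 1:
            alerts.append(("international-burst", row["extension"], row["start"]))
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_CDR):
        print(alert)
```

Run on a schedule against the PBX's call-log export, the same two rules cover the weekend pattern in the company examples: the Saturday 02:00 calls from extension 214 are flagged on the first call rather than when the bill arrives.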

Are you looking for a SIP carrier that has security in place to detect unusual changes in your calling patterns, and that will shut down the service until you ask for it to be reinstated and alert you of the attack? If so, contact [email protected] and ask for their policy on SIP hacking control.
