Lead Image © Christos Georghiou, 123RF.com


Attacks on telephone systems

Overcharged

Article from ADMIN 37/2017
In the early days of hacking, phreaking was used to make free long distance calls. Today, phreaking continues with more professional and better organized attacks. Here's how to protect yourself.

Phreaking, the unauthorized access to phone systems, has been a lucrative business for cybercriminals for many years. According to estimates by the Communications Fraud Control Association (CFCA), it causes annual losses of around $4.4 billion.

Attackers typically follow the same method: They automate the search for companies that operate their own telephone systems with an integrated voicemail function. Then, they rely on port scans, simple brute force attacks, or sophisticated social engineering techniques to penetrate the systems. If they discover an integrated mailbox, they use unmodified or easily guessed standard PINs to compromise a vulnerable system. Via the answering machine, the attacker can then access the phone system and make various changes.

In general, attackers use this approach to place calls to premium numbers that they created beforehand and that are only available for a limited time. Some providers have proactive anomaly detection in place and can use it to spot an above-average number of calls or connections to unusual destinations. They usually inform their customers within 48 hours after a particularly high volume of connections. However, as an administrator, you can watch for the following signs:

  • Numerous calls to international numbers from just one extension.
  • Numerous calls outside business hours to countries with which the company has no business relations.
  • Numerous short calls to a chargeable number.
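The three signs above can be checked against a call detail record (CDR) export from the telephone system. The following Python sketch is an added example, not code from the article; the CSV column layout, the prefixes, the business hours, and the thresholds are assumptions, and the sample records are constructed.

```python
import csv
import io
from collections import Counter
from datetime import datetime

# Assumed site policy; tune every value to your own traffic.
HOME_PREFIX = "+1"                  # domestic calls
PARTNER_PREFIXES = ("+1", "+44")    # countries with business relations
PREMIUM_PREFIXES = ("+1900",)       # chargeable numbers
BUSINESS_HOURS = range(8, 18)       # 08:00-17:59 local time, Mon-Fri
SHORT_CALL_SECONDS = 15             # "short call" cutoff
THRESHOLD = 3                       # events per key before alerting

# Constructed sample CDR export (fictitious numbers, assumed column names).
SAMPLE_CDR = """start,extension,dialed,duration
2017-01-12 02:11:05,204,+9995550101,8
2017-01-12 02:12:40,204,+9995550101,9
2017-01-12 02:14:02,204,+9995550102,7
2017-01-12 10:30:00,117,+442055501234,340
2017-01-12 11:05:00,117,+12125550147,95
2017-01-12 13:00:10,310,+19005550111,6
2017-01-12 13:01:00,310,+19005550111,5
2017-01-12 13:01:45,310,+19005550111,6
"""

def analyze(cdr_text):
    intl, off_hours, short_premium = Counter(), Counter(), Counter()
    for row in csv.DictReader(io.StringIO(cdr_text)):
        start = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
        ext, dialed, secs = row["extension"], row["dialed"], int(row["duration"])
        if not dialed.startswith(HOME_PREFIX):          # sign 1: international, per extension
            intl[ext] += 1
        outside = start.hour not in BUSINESS_HOURS or start.weekday() >= 5
        if outside and not dialed.startswith(PARTNER_PREFIXES):  # sign 2
            off_hours[ext] += 1
        if dialed.startswith(PREMIUM_PREFIXES) and secs <= SHORT_CALL_SECONDS:
            short_premium[dialed] += 1                  # sign 3: short calls, per number
    alerts = []
    for rule, counts in (("intl_single_extension", intl),
                         ("off_hours_unusual_country", off_hours),
                         ("short_premium_calls", short_premium)):
        alerts += [(rule, key, n) for key, n in sorted(counts.items()) if n >= THRESHOLD]
    return alerts

if __name__ == "__main__":
    for alert in analyze(SAMPLE_CDR):
        print(alert)
```

On the sample data, extension 204 trips the first two rules and the premium number dialed from extension 310 trips the third, while the ordinary daytime calls from extension 117 stay below the threshold.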

Effective Protective Measures

You can improve security through strong passwords: Change them regularly and revise your password policies. During commissioning, change all default passwords (PINs) of the telephone system and its extensions. Use call barring to restrict outgoing calls to normal business hours. Require passwords for long distance calls or calls to premium numbers. In addition, the responsibilities and administrative

...