atcomsystems.ca/forum Forums TDM Business Telephone Systems NEC Telephones & Systems Hacked elitemails

Well, over the weekend I had 3 different elitemails get hacked for outbound LD calls on several mailboxes on each system.

I see this once or twice a year, but 3 in one weekend, wow!

Seems they've figured out the default password on the new elitemail systems now too. I've been using the same default on the LX's, so I can use the same training docs, but I thing it's time to come up with something unique for my customers.

I'm deleting all unused vm boxes and turning of trunk-trunk on these vm's, anything else I should do as a precaution?

I still have mgr access on all 3 vm's.

D

Instill in the users the need to not use their extension number as the password.

Can you add toll restriction to your voicemail ports on this voicemail? The intramail allows you to change these settings which is something I do for all my customers.

Toll restriction is an excellent idea.

They do use the VM to do offsite xfers out of state, but not overseas. All of the calls were to India.

They had accessed a mailbox that was unused and went through the setup procedure and set the xfer to = '9'.

I deleted all unused mailboxes and set SC's on all that did not have them. Lucky that I always set an admin password, I have seen them change the password on the main admin so you can't access the vm to lock them out. crafty devils!

D

Wow 3 in one weekend, I had a hospital that got taken for $4500 in long distance calls before anyone noticed on a 40 port AD40. I have mandated in my company that all voicemail systems get toll restriction for the voicemail ports and change the default security code on every system. At least on the newer LX's they can not mess with the $ log on.

There's a setting in the elite that prevents voicemail from accessing an outside line. If you do not have notification to pagers or cell phones, set this setting to deny out-dialing from voicemail.

Also, PageDown through the mailboxes and scan for "transfer" set 9, or 9011, etc., and for notifications set to 9011632xxxxxxxx (a pager in the Phillipines).

This will also let you not which mailboxes have no security code (SC appears on mailboxes with security codes). Report these mailboxes to the customer contact and "strongly advise" enforcing a password policy.

By default the new Elitemail has remote access to notification settings turned off. I always inform my customers about the danger of "hackers" & to use good security codes & don't enable any mailboxes that are "un-manned".

We always change the default admin passwords on our systems.

Yes the LX is not "hackable" as the old DOS one was . I tried the same methods in my lab but they don't work unless you can access via system web admin..

If you do not have it setup on the systems set up SMDR. It will show what line the call came in on, this call will be at the same time that the call to India was made and be about the same duration. Since they have call ID most likely blocked you will not see their number. But the phone company will have a record of the call they will most likely not give it to you but they will give it to law enforcement folks. The phone company keeps this info almost forever even if they do not admit it