atcomsystems.ca/forum Forums TDM Business Telephone Systems NEC Telephones & Systems Hacked system

I just learned today that our phone system has been "hacked." That is the wording our phone company used. According to them someone was able to get into our system through the auto attendant to voicemail accounts that did not have a password and then call out through our lines. Several hundred dollars of calls to Zimbabwe and The Philippines were made.

All of the VM boxes that were not protected had several messages of a person counting to ten. The calls that have been billed so far are mostly all under a minute. The phone company tech said they were probably doing some sort of testing for future calling.

My questions are, 1. If anyone knows about this type of fraud, what is happening exactly? 2. What else can I do to protect our system? We will want to eventually remove the int'l block since we do occasionally make int'l calls. I appreciate any advice. Our system in case it makes a difference is a NEC Electra Elite 48.

Thanks
Camille
I have since put an international block on our lines and put passwords on all unprotected VM boxes.

NUMBER ONE. EITHER INSTALL PASSWORDS OR DELETE MAILBOXES. AND THE PASSWORD SHOULD NOT BE; BIRTHDAY(S), PART OF SOCIAL SECURITY NUMBER, LICENSE PLATE NUMBERS, NUMBER SEQUENCES, OR ANY OTHER 'EASY TO REMEMBER' NUMBER!

Sorry about the CAPS LOCK! After I looked at it, I thought, 'how appropriate', so I left it!

Do not allow mailboxes to access outbound lines/trunks unless absolutely necessary. If possible, when VM has to dial pagers,etc, put the number in a toll control table that only allows numbers that are REQUIRED, and apply to all VM ports. Deny * and # dialing from VM ports.

Change the passwords for the Mailboxes, VM programming/management access, and phone system programming/management access. Do this AT LEAST every 6 months, better quarterly or even monthly.

Oh, and ask your installation/servicing company why they did not protect you better!

Here's the soapbox, next? John C.

They have a no-fault policy for Toll Fraud apparently. Nice to know, NOW. Kind of messed up since they claim they are not responsible but also say I can't get info on activity happening on the lines until the bill comes out without a subpoena. How can I learn to do the programming/management. I only know how to do do the stuff in the user booklet.I had to hunt down the information on even changing VM passwords since all the manuals we have are just for regular user settings and nobody here knows anything about it. I asked our service company where I could get a full manual and they told me that I couldn't. They want me to pay them to come out of course. Can you change to a different company or do you have to use the one that set up your system?

Thanks for your reply.

Oh the good ol days of locked up vmails to zimbabwae and the Virgin Islands, We had had one on a Key Voice lock up about a year ago and I had the Trace file on, long story short we went through the logs and found out 2 in the morning what number was accessing the Admin MB creating the Mbox trying to change the transfer field and they got stopped because we had Long distance codes from the provider and when we called the number it was a damn Kyak shop in another state and their vm had been hacked and when we asked what they do she seemed alittle confused at first but confessed later in the conversation that over 25 different companies called and had been hacked into as well by using her vm as a call point to get into other voice mails from that vmail, so we called the number that our vmail had been hacked into and we dont know what in the tarnation hell they were saying but it was in Ny, the IT guy spent some personal time and did some homework and it was around 60 companies [vm's]that were being bounced off of for 1 phone call to go through. Amazing what people will do to break a crime.....or track one

What are they even doing? Hundreds of calls under a minute. How is that useful to them?

That is a scheme to create billable minutes for you to pay. Many LD carriers charge a set-up fee and an outrageous first minute fee, then it gets cheap. And if you have SMDR, you can catch the calls on a daily basis, for whatever good it will do you. Esp. when you see what a hassle it is to audit the calls. That's when you get an Inn-Form, or ezy-matic, or some other automated call screening/accounting device. Keep in mind that you do not get the call until it ends! Check your mail.

Testing.....once they have found the "keys" they will sell your number and you will have thousands of dollars worth of calls to these international locations. They get the money up front and you get the bill on the tail end.

Some manufacturers do not allow end users to have the technician's manuals. Most end users have a hard time understanding the terminology little alone understanding the effects even just one wrong change can cause. No, telephone systems may seem simple ("I program servers and routers so I can do a simple phone system"... wrong!!! ) because we have had years of training and experience. I have made more money on those jobs than if the customer had called me first instead of DIYing it and dropping the whole system.

If you are unhappy with your current vendor, contact NEC and they can give you a list of dealers in your area.

Good Luck. :thumb:

Just to add to what's already stated...

NEWS FLASH...

Changing your vendor because he wants to charge you to program whatever you need is a non-starter option. Any other vendor will charge you as well. You get paid for what you do, so do we. The price you pay is directly connected to the service/results you get.

BTW, I also have a disclaimer in my agreement with the client. If they have access to the system programming, why shouldn't I cover my butt?

As we say: Pay us now or pay us MORE later...your choice.

I Once had a Customer where this exact thing happened, the Voice mail was calling the Philippines. Someone over there Knows the Default Password to NEC's (Amy Ronk) or (Sandy Simmons)System Managers Mail Box. This is the Password That Needs to be Changed, what ever you do do not Delete this Mail box. It will render Your Voice Mail Inoperable.What They would do is sign on to that box and make several Mail box's to call out whenever a Message is left in those Boxs. They will also change that Mail boxs Password.

Yeah, that's an oldie but a goodie. You can try and stitch it up yourself, but even with a manual...well let's just say the manuals assume you've already had training. If you wanna DIY, and you miss something then it's all on YOU. Likewise you could change techs, which given the situation may not be a bad idea anyway if in fact the installer left that system vulnerable in the first place. Either way you're going to be paying and you should.

And that's coming from someone who "programs servers and routers" Just from years of dealing with phone switches of all flavors I've picked up enough to maintain my switches, BUT when it comes to serious programming or base installs, I let the pros handle it. In the same way I wouldn't let any of these old phone dogs secure or route my computer networks. Lesson learned, cough up 5 bills and have a professional handle that system, and know that it won't happen again.