A bloke has admitted laundering millions of dollars for hackers who ripped off US companies by hacking into their telephone systems. Miscreants in Bangkok and Pakistan wormed their way into American organizations' PBX systems and identified phone extensions that weren't assigned to a user but were still live.
These were then used to dial long-distance, premium-rate phone lines run by the hackers — with the companies running the PBX systems footing the bill. The truly dangerous side emerges when firewall ports have been opened either intentionally or by accident, allowing a wider range of possibilities for attackers. Once registered, the attacker now has an extension on the system capable of making malicious calls. This is similar to the previously mentioned issues, but now completely bypasses the physical security of your office.
In this case you have a phone attached to your phone system which you have no way to physically locate. Stopping the attack would require locking down your whole system, which for any business is a complete disaster.

This is one of the oldest issues in the book: an unscrupulous person with access to a handset, usually a member of staff working out of hours, uses the system for personal calls.
This one can easily be resolved. Most PBX systems have a class of service (COS) system which allows the administrator to restrict the call categories that can be dialled by each extension. It also allows for a day and night mode, so normal service can be provided during the day but out-of-hours calls can be restricted.
The restriction can mean disallowing specific single numbers or ranges of numbers, or even setting it so that only certain numbers can be dialled at all. The next issue is similar to the previous example, except that an extension is set to forward to an external number.
Sounds innocuous, but if the number(s) the fraudster is calling are scam lines set up with either a premium rate or some sort of connection charge, then the charges you receive will add up very quickly. As with the previous example, this can be neutralised by restricting the destinations that can be dialled with COS. Different COS settings can be implemented to prevent unnecessary numbers from being dialled during working hours and to lock the system down further out of working hours.
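The COS restrictions described above can also be used to audit call records after the fact. The following is an added example, not code from any PBX vendor or from the original page: it checks call detail records against a COS table with day and night modes and flags calls from extensions that are live but not assigned to a user. The prefixes, COS names, extension inventory, working hours and sample records are all constructed assumptions.

```python
from datetime import datetime

# Assumed NANP-style prefixes, used only to classify dialled digits.
PREFIXES = [("011", "international"), ("1900", "premium"), ("1", "long_distance")]
# Hypothetical COS table: call categories each class may dial per mode.
COS = {
    "staff": {"day": {"local", "long_distance", "international"}, "night": {"local"}},
    "lobby": {"day": {"local"}, "night": set()},
}
# Constructed inventory: extension -> (assigned user or None, COS name).
EXTENSIONS = {"201": ("alice", "staff"), "250": (None, "staff"), "300": ("lobby", "lobby")}
DAY_START, DAY_END = 8, 18  # assumed working hours; weekends count as night mode


def categorize(dialled):
    """Map dialled digits to a call category by first matching prefix."""
    for prefix, name in PREFIXES:
        if dialled.startswith(prefix):
            return name
    return "local"


def audit(cdrs):
    """Return (extension, dialled, reason) for each call the policy should block."""
    findings = []
    for ts, ext, dialled in cdrs:
        when = datetime.fromisoformat(ts)
        working = when.weekday() < 5 and DAY_START <= when.hour < DAY_END
        mode = "day" if working else "night"
        user, cos = EXTENSIONS.get(ext, (None, None))
        category = categorize(dialled)
        if cos is None:
            findings.append((ext, dialled, "extension not in inventory"))
        elif user is None:
            findings.append((ext, dialled, "unassigned extension is live"))
        elif category not in COS[cos][mode]:
            findings.append((ext, dialled, f"{category} blocked in {mode} mode"))
    return findings


# Constructed call detail records: (timestamp, extension, dialled digits).
SAMPLE_CDRS = [
    ("2024-03-04T10:15:00", "201", "5550100"),
    ("2024-03-04T23:40:00", "201", "011999000111"),
    ("2024-03-02T03:05:00", "250", "19005550100"),
    ("2024-03-04T12:00:00", "300", "12125550100"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_CDRS):
        print(finding)
```

Any finding from this audit means either the COS settings on the PBX are looser than the intended policy or an extension should be disabled.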
While not directly related to PBX hacking or misuse, this is a related issue definitely worth mentioning. PBXs have been popular for decades, but like most technologies, they have evolved over time. They are thought to be an easy target, primarily because users are often unaware of the threat that PBX hacking poses and fail to implement even basic fraud protection. For example, switch vendors use default passwords that are available online and in user manuals.
If PBX users do not change the passwords upon installation and configuration, hackers can easily get into their system.
The Communications Fraud Control Association (CFCA) ranks it as one of the five top telecom hacking methods and one of the top five emerging fraud risks to the telecom industry. PBX hacking is costly because every service provider in the chain that carries a call has a legal obligation to pay interconnect fees to the downstream network, even for obviously fraudulent calls. In the past, telcos often saddled the customer with the charges, but consumers have made the case that they do not have the expertise to eliminate increasingly sophisticated telecom fraud.
Regulators have accepted the claim that consumers would not sign a service contract if they understood the risk of PBX frauds and their unlimited liability. Therefore, the onus of providing fraud protection falls increasingly on the telephone service providers. With so many different attack vectors, traditional fraud prevention systems that rely on sampling and pattern analysis have not been very effective in combatting PBX hacking.
For example, they cannot distinguish between legitimate peaks in calls to premium-rate numbers (PRNs) due to advertising campaigns and events and peaks caused by fraud. By the time fraud is discovered, the evidence of PBX hacking has often been destroyed by natural log cycles in order to save storage space. Even if the evidence is still accessible, the costs have already been incurred. Once your PBX is under the control of an overseas computer hacker, they need to turn that control into revenue before the network operator realises something is awry.
Fraudulent phone calls will often terminate in overseas destinations with low prosecution rates for toll fraud and low prosecution rates for most crimes. This makes pursuing hackers over international borders almost impossible.
The best way to deal with toll fraud is to prevent it before the damage is done. TollShield has the ability to detect and block toll fraud in real time.