Introduction
In today's business environment, security is of vital importance. This importance
extends to voice networks just as much as data, and the risks of a security breach are
growing daily. In this document we detail some of the reasons behind the increasing
popularity of Toll Fraud.
The main reason for the increase in Toll Fraud instances is simply that, from the
hacker’s perspective, this is a low-risk, high-profit crime.
Low risk because you, the target, probably will not notice, for quite some time, that
you have been attacked.
Low risk because, when you do notice the attack, you will not know what to do about
it.
Low risk because when you do report it your PTO (Public Telecom Operator)
probably will not know what to do about it.
Low risk because your telephone system maintainer probably will not know what to
do about it.
Low risk because the hacker has daisy-chained several hacked systems together,
making it virtually impossible to find out where he started from.
High profit, because you can generate THOUSANDS of pounds per system per day.
Many modern telephone systems offer both built-in Voicemail and Automated
Response Systems:
Voicemail, so that when you are away from your desk you don’t miss your messages,
and Automated Response, to tell your customers that you are closed when you have
gone home.
Generally, this will be a four digit PIN which is more than sufficient because;
Well, there is a quote from a hacker that goes along the lines of;
“I don’t care how much money, time and effort you put into the best security system
in the world – It’s only as good as the first one of your idiots that uses 1 2 3 4 as a
password!”
From this, we can deduce that some PIN numbers are not as good as the others;
1234
4321
1111
2222
3333
4444
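As an added example (not part of the original document), the Python sketch below flags the PIN patterns in the list above: ascending runs, descending runs and repeated digits. The extension-match check, the function names and the sample mailboxes are assumptions constructed for illustration, and the check is assumed to run where the PIN is visible, such as when a user sets it.

```python
# Added example: audit voicemail PINs for the weak patterns listed above.
# Function names and mailbox data are constructed for illustration.

def weak_pin_reasons(pin: str, extension: str = "") -> list[str]:
    """Return the reasons a PIN is weak; an empty list means no pattern matched."""
    if not pin.isdigit():
        return ["not numeric"]
    reasons = []
    digits = [int(c) for c in pin]
    # Differences between neighbouring digits: {1} means 1234-style runs.
    steps = {b - a for a, b in zip(digits, digits[1:])}
    if len(set(digits)) == 1:
        reasons.append("repeated digit")      # 1111, 2222, 3333, 4444
    elif steps == {1}:
        reasons.append("ascending run")       # 1234
    elif steps == {-1}:
        reasons.append("descending run")      # 4321
    # Assumption (not on the page's list): a PIN equal to the mailbox
    # extension, or its reverse, is as guessable as the patterns above.
    if extension and pin in (extension, extension[::-1]):
        reasons.append("matches extension")
    return reasons


def audit(mailboxes: dict[str, str]) -> dict[str, list[str]]:
    """Map extension -> reasons for every mailbox whose PIN is weak."""
    findings = {}
    for ext, pin in mailboxes.items():
        reasons = weak_pin_reasons(pin, ext)
        if reasons:
            findings[ext] = reasons
    return findings


# Constructed sample: extension -> PIN
SAMPLE = {
    "2001": "1234", "2002": "4321", "2003": "3333",
    "2004": "2004", "2005": "7302", "2006": "6002",
}

if __name__ == "__main__":
    for ext, reasons in audit(SAMPLE).items():
        print(f"mailbox {ext}: {', '.join(reasons)}")
```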
If you have a four digit password the maximum number of permutations is 9999.
If it takes 5 seconds to enter one permutation, the amount of time taken to enter them
all would be;
833.25 Hours
34 Days
So, you can now sleep easily in your bed, because you change your password every
month and your password would be the last one that was ever tried.
But, wait a minute, how many voicemail ports does your telephone system have?
Maybe 4; that means that we can now run four simultaneous attacks, which quarters
the time;
208.31 Hours
8.6 Days
Still pretty safe. Unfortunately, though, you bought a nice modern system with 20-port
voicemail, and now what we are looking at is;
25 Minutes
Still, even if someone does get into your voicemail, how bad can it be??????
Theoretical Voicemail Hack
On Friday your business closes at 17:00
At 17:01 a hacker breaches your system and starts to generate outgoing telephone calls
You discover the hack at 09:01 on Monday morning (as you return to work).
Therefore;
However, you have twenty port voicemail generating twenty calls; the actual figures could be;
Simply contact either your system maintainer or a specialist PBX security company
and enquire about a telephone system vulnerability analysis.
And don’t expect this to be a one-off fix. Software upgrades, new bugs and
programming changes mean that this is a service which will need to be repeated at
least annually to be of any value.