Your PBX May Have Ties to Terrorism

A team of hackers financed by a “Saudi-based terrorist group” with headquarters in the Philippines was shut down this week after breaching the trunkline PBX of AT&T and other telecommunications companies, according to the Philippine National Police Criminal Investigation and Detection Group (CDIG). 

The operation used private company phone systems as a communications channel to transfer money to Asian terrorist groups, according to CDIG, as well as call their contacts. The hackers were paid on commission through local banks. 

In all the breached companies lost about $2 million.

AT&T estimates toll fraud -- the unauthorized use a company’s telephone system to make calls -- costs American businesses about $4 billion annually from excessive toll charges, loss in worker productivity and lost revenue when customers experience difficulty in connecting to their company.

The breach in the Philippines highlights a growing problem due to the availability, to both users and criminals, of advanced telephone technology.

In the past, targets of toll fraud often were large companies that had telephone systems using the latest remote access capabilities. However, these days phone system suppliers servicing the SMB space also are becoming targets for hackers, since they offer much of the same power and capabilities as their large counterparts. These technologies include call forwarding, remote connection of long distance calls, automated attendants, voice mail and remote access to users’ systems, and all give hackers more ways to breach a phone system.

While AT&T said it will reimburse its customers for the costs associated with the recent breach, smaller companies may not be so obliging.

According to a toll fraud information sheet from Bizfon, a designer and deployer of phone systems for SMBs, most long distance agreements stipulate the customer is responsible for the charge regardless of whether the call was authorized.

“If a call has originated with, or passed through a customer's equipment, that customer is responsible for the charges associated with the call,” according to the Bizfon information.

Other SMB phone system suppliers Tech Security Today checked out used similar statements such as “the customer is liable for all incurred usage charges, absent any negligent or wrongful act by” the company.

Following the discovery of a toll fraud breach, Bizfon tells its customers they should unplug all wires from their ports labeled "incoming telephone lines," then reset the extensions one at a time to the default settings. But if your business depends on a constant flow of incoming customer calls, this scenario can present its own set of serious issues.

Perhaps the best prevention is to be aware of the various ways in which your system can be hacked, including:

• Voice mail: By hacking into voice mail and gaining control of user mailboxes a hacker can manipulate the system to accept third-party billed calls.
  
• Toll-free usage: Companies should track overuse of their 800 lines. Hackers may pose as telephone personnel and ask for passwords, or may go dumpster diving to obtain numbers and passwords.
• Unknown destinations or unauthorized outbound calls: By remotely accessing a PBX or key system at your company site, or by unauthorized access to your customer lines at your site, hackers have free rein to make calls anywhere in the world, according to Vcom Solutions, a telecom management company.

Think you might be hacked? Other warning signs to be aware of include calls placed to unusual locals not normally accessed by your employees, increased after-hours calls, calls that last an inordinate length of time and complaints from customers that they are continually getting busy signals. If you're unsure, the best advice is to work with your PBX supplier to take extra steps to secure your telecommunications system.