Erik,

I will post some details as to what happened in the next 24 hours (I have a 
lengthy message that I almost sent last night but decided to hold back on it 
until later/the whole picture is completed). I'm still trying to get some 
things resolved and to shut down the causes sometime today (overseas long 
distance has been disabled, so it's not really a rush job, but holes should be 
shut down).

In this case, it has nothing to do with SIP or any VoIP... this is old school. 
But the lessons learned definitely apply to VoIP (even more so in my personal 
opinion).

Chuck

-----Original Message-----
From: Erik Schwartz [mailto:[email protected]] 
Sent: January-29-10 12:19 PM
To: [email protected]
Subject: RE: [on-asterisk] Long distance fraud... $24,000+

So what was the cause of this?  Was it someone on the inside (of the company) 
who found a weak password and went wild, or was it someone packet shaping that 
got the SIP credentials and connected from elsewhere?

What can be done to prevent scenarios where someone gets the SIP credentials?  
Are TLS or SRTP used to prevent this?

Erik.


-----Original Message-----
From: Chuck Mariotti [mailto:[email protected]]
Sent: Friday, January 29, 2010 11:47 AM
To: Nabeel Jafferali; [email protected]
Subject: RE: [on-asterisk] Long distance fraud... $24,000+

I would agree, the equipment is what let the hacker in. In this case, a weak 
voicemail password likely. Not AllStream.

But I think that's being a little too easy on AllStream in this case.

The number of lines/trunks they have purchased/sold contradicts the line 
capacity they delivered. For example if they have eight employees, they are 
told to purchase eight lines. They purchased a number of lines so they could 
place that many phone calls. What's happened is that an insane amount of volume 
(24,000+ minutes) was done using only three phone lines, in a 14.5 hour window. 
Dozens of simultaneous phone calls... on only three lines.
Because AllStream allows this hookswitch feature?

As well, the client usually spends under $1,000 a month on their total bill.
At what time is it reasonable for AllStream's monitoring system to go off and 
for someone to cut off the service? 4 times the usual volume? 4 times usual 
volume per month within an hour? High Volumes, in a suspicious pattern that's 
never happened on those lines before? An obvious exploit that happens daily? 
This should have been stopped within an hour or two... not 14.5 hours later. 
Not dozens of simultaneous calls, on only three lines, over 14 hours, that's 
never happened before. In the middle of the night.
That's just negligence on their part.

AllStream is making money off of this fraud, at full price. I am certain that 
we'll be able to get some discount on it (in good faith), but even half the 
price is too much and they are still profiting from fraud. There must be a 
reasonable rate to pay. I'm sure that AllStream will report it as fraud and get 
it credited back to themselves in some shape or form. Hell, the same calls 
using Unlimitel would have been less than 1/10th of the price (and Unlimitel 
makes their profit off that). And I'm sure they would have shut it down in a 
matter of minutes... not hours.

Should AllStream make a profit on fraud? Should they even get paid for fraud? 
It's not in their best interest to stop it.

Chuck

-----Original Message-----
From: Nabeel Jafferali [mailto:[email protected]]
Sent: January-29-10 11:19 AM
To: [email protected]
Subject: RE: [on-asterisk] Long distance fraud... $24,000+

From one past experience - since the issue was with the customer's equipment, 
they were held liable for the call charges (which, to be honest, sounds 
logical - unfortunately).

--
Nabeel Jafferali
X2 Networks Inc.


-----Original Message-----
From: Chuck Mariotti [mailto:[email protected]]
Sent: January-29-10 11:14 AM
To: [email protected]
Subject: [on-asterisk] Long distance fraud... $24,000+

Anyone have any experience with large long distance phone bills ($20k) that are 
fraudulent? The phone system was compromised via dial in / call transfers. 
Overseas calls made.

Specifically how to not have to pay All Stream because of it? What's the common 
practice and outcome? I mean, I would imagine that All Stream would get their 
costs back out of it eventually, how can they pass that onto their client? How 
can I go about getting them to zero it out?

Regards,

Chuck Mariotti



---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected] For additional commands,
e-mail: [email protected]
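
The two monitoring signals raised in the thread (more simultaneous calls than purchased lines, and an hour whose volume is several times the usual) can be checked over call detail records. This is an added example, not part of the original messages: the CDR tuple layout, the function names, the baseline of 10 minutes per hour and all sample calls are assumptions constructed for illustration; only the three lines and the "4 times" factor echo figures mentioned in the thread.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def peak_concurrency(cdrs):
    """Highest number of calls in progress at once (sweep over start/end events)."""
    events = []
    for start, seconds in cdrs:
        events.append((start, 1))
        events.append((start + timedelta(seconds=seconds), -1))
    events.sort()  # at equal timestamps -1 sorts before +1: a hang-up frees the line first
    active = peak = 0
    for _, delta in events:
        active += delta
        peak = max(peak, active)
    return peak

def hourly_minutes(cdrs):
    """Call minutes per clock hour, attributed to the hour in which the call started."""
    buckets = defaultdict(float)
    for start, seconds in cdrs:
        buckets[start.replace(minute=0, second=0, microsecond=0)] += seconds / 60
    return dict(buckets)

def toll_fraud_alerts(cdrs, purchased_lines, usual_minutes_per_hour, factor=4):
    """Return alerts for over-subscribed lines and for the first hour far above baseline."""
    alerts = []
    peak = peak_concurrency(cdrs)
    if peak > purchased_lines:
        alerts.append(("concurrency", peak))
    for hour, minutes in sorted(hourly_minutes(cdrs).items()):
        if minutes > factor * usual_minutes_per_hour:
            alerts.append(("volume", hour, round(minutes)))
            break  # the first offending hour is enough to act on
    return alerts

# Constructed sample CDRs (start time, duration in seconds); not data from the incident.
T0 = datetime(2010, 1, 1, 2, 0)  # arbitrary night-time hour
NORMAL = [(T0 - timedelta(hours=16) + timedelta(minutes=20 * i), 180) for i in range(6)]
BURST = [(T0 + timedelta(minutes=i), 1500) for i in range(30)]

if __name__ == "__main__":
    print(toll_fraud_alerts(NORMAL + BURST, purchased_lines=3, usual_minutes_per_hour=10))
```

Run against a live CDR feed on a short interval, either alert would fire within the first hour of the constructed burst rather than after the whole window has passed.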

