On Fri, Jan 29, 2010 at 12:19 PM, Erik Schwartz <[email protected]> wrote:

> So what was the cause of this? Was it someone on the inside (of the
> company) who found a weak password and went wild, or was it someone packet
> shaping that got the SIP credentials and connected from elsewhere?
>
> What can be done to prevent scenarios where someone gets the SIP
> credentials? Are TLS or SRTP used to prevent this?

I can share one of my experiences to give everyone an idea of how easy this is to perpetrate. I was working helpdesk for a company 15+ years ago supporting a site in the US that had a little Option 11 or Norstar type system with maybe 8 lines. They contacted helpdesk because they could only make 1 call out at a time before the system blocked them. They were also unable to make long distance calls. It turned out that AT+T had blocked LD on their lines because they detected fraud.

The cause? Nobody compromised the system. It was working as designed. The perpetrator called a busy receptionist and asked to be transferred to extension 9011. The receptionist did a quick transfer and release, thought nothing of it and moved on to the next call. What the caller got was the equivalent of an international dialtone. All they had to do was dial the rest of the digits. In that particular case, they nailed up the lines to someplace in eastern Europe. The fraud department guessed that it was used for data calls because they lasted for over 18 hours.

What's important is that this would still be easy to do today in some cases. Many of us have dialplans that allow users to transfer and to dial 9011 (plus any number of digits). Stephan was kind enough to chair a security and fraud prevention discussion on this at IT360 last spring. I learned a lot then and I'm sure we only scratched the surface.

I think it's a lot like the Nigerian scam email that we see. Most people have seen these and don't fall for them but there are enough new people joining the Internet all the time that there is always somebody who's vulnerable. With telephone systems becoming more advanced and being upgraded more often, there are new phone systems coming online all the time just waiting to be taken advantage of.

Dave
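
Added example, not part of the original message or of any PBX's own code: a sketch of two controls for the transfer-to-9011 scenario described above, a transfer policy check and a call-record review. The record layout, function names, the "9" outside-line digit and the 4-hour threshold are assumptions, and the sample records are constructed.

```python
from dataclasses import dataclass

OUTSIDE_LINE = "9"            # assumed trunk-access digit
INTL_PREFIX = "9011"          # outside line + international prefix, as in the message
LONG_CALL_SECONDS = 4 * 3600  # assumed review threshold

@dataclass
class Call:               # constructed record layout, not a real CDR schema
    call_id: str
    origin: str           # "external" or "internal" (who the far-end caller is)
    transferred: bool     # True if an operator transferred the call
    dialed: str           # digits sent after the transfer or by the user
    seconds: int

def transfer_allowed(origin: str, target: str) -> bool:
    """Prevention: an outside caller may only be transferred to an extension,
    never to a target that begins with the outside-line access digit."""
    return not (origin == "external" and target.startswith(OUTSIDE_LINE))

def flag(call: Call) -> list[str]:
    """Detection: reasons a finished call deserves a fraud review."""
    reasons = []
    if call.dialed.startswith(INTL_PREFIX):
        if call.origin == "external" and call.transferred:
            reasons.append("external caller transferred onto international trunk")
        if call.seconds >= LONG_CALL_SECONDS:
            reasons.append("international call exceeds duration threshold")
    return reasons

def review(calls: list[Call]) -> dict[str, list[str]]:
    """Map call_id to review reasons, omitting calls with none."""
    return {c.call_id: r for c in calls if (r := flag(c))}

# Constructed sample records (placeholder digits, not real numbers).
SAMPLE = [
    Call("c1", "external", True, "9011" + "0" * 10, 18 * 3600),
    Call("c2", "internal", False, "9011" + "0" * 10, 600),
    Call("c3", "external", True, "204", 120),
    Call("c4", "internal", False, "9011" + "0" * 10, 5 * 3600),
]

if __name__ == "__main__":
    for call_id, reasons in review(SAMPLE).items():
        print(call_id, "; ".join(reasons))
```

The policy check assumes no internal extension begins with the outside-line digit; on a system where some do, the check needs an explicit list of valid extensions instead of a prefix test.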
