Thread: Phone System Hacked! (Netbooks, PDA and Phones, in Technical)
  1. #1
    Netman's Avatar
    Join Date
    Jul 2005
    Location
    56.343515, -2.804118
    Posts
    911
    Thank Post
    367
    Thanked 190 Times in 143 Posts
    Rep Power
    54

    Phone System Hacked!

    Heads-up... We found out this morning that our phone system had been hacked. Someone managed to get in and change the settings so that the substitute function would forward calls onto a premium rate number.
    Needless to say we've locked it down now and it looks like we caught it before any costs were incurred...
    Just wanted to warn people as I wasn't aware of this scam and the engineer at our phone support company says there is an epidemic of this at the moment...

  2. Thanks to Netman from:

    laserblazer (24th December 2008)

  3. #2
    ChrisH's Avatar
    Join Date
    Jun 2005
    Location
    East Lancs
    Posts
    4,993
    Thank Post
    120
    Thanked 286 Times in 263 Posts
    Rep Power
    107
    What phone system?

  4. #3

    Join Date
    Jan 2006
    Location
    Hertfordshire
    Posts
    151
    Thank Post
    2
    Thanked 8 Times in 8 Posts
    Rep Power
    19

    I'm going for

    Was it Asterisk?

  5. #4
    Netman's Avatar
    Join Date
    Jul 2005
    Location
    56.343515, -2.804118
    Posts
    911
    Thank Post
    367
    Thanked 190 Times in 143 Posts
    Rep Power
    54
    Siemens HiPath 3750

  6. #5

    Join Date
    Apr 2006
    Location
    UK
    Posts
    939
    Thank Post
    39
    Thanked 70 Times in 54 Posts
    Rep Power
    30
    And I presume it wasn't 'hacked', more that the default password/username was never changed?

  7. #6

    john's Avatar
    Join Date
    Sep 2005
    Location
    London
    Posts
    10,396
    Thank Post
    1,515
    Thanked 1,056 Times in 925 Posts
    Rep Power
    303
    Ooh, thanks for the heads up, surprised it hasn't happened before as most installation firms leave them at default would you believe! Must admit I'm terrible for it, leaving ones I've done on default more for sheer laziness than anything else, but I should change them for security, and will go and do them this weekend.

  8. #7
    Netman's Avatar
    Join Date
    Jul 2005
    Location
    56.343515, -2.804118
    Posts
    911
    Thank Post
    367
    Thanked 190 Times in 143 Posts
    Rep Power
    54
    Quote Originally Posted by danIT View Post
    And I presume it wasn't 'hacked', more that the default password/username was never changed?
    Not the point though is it? I'm just trying to warn people as it was a new one on me. I was using the phrase that our comms company engineer used.
    The safest thing is to disable this feature on your system if you're not using it.
    Of course we will now check our 50+ extensions to ensure none still have the default PIN on them... end users though isn't it - you tell them to change it and what happens?
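
The check described in the post above (extensions still on a default PIN, and forwarding set to a premium-rate number), as an added example that is not part of the original thread. The CSV export layout, the `DEFAULT_PINS` placeholders and all sample numbers are assumptions constructed for illustration, not a real HiPath export format or vendor default.

```python
import csv
import io
import re

# Constructed sample export; column names are hypothetical, not a vendor format.
SAMPLE_EXPORT = """\
extension,pin,forward_target
201,0000,
202,48213,
203,1234,09098790123
204,77310,+449098790124
205,205,01632960010
206,90417,00449098790125
"""

# Placeholder defaults (assumption): replace with the default from your own vendor docs.
DEFAULT_PINS = {"0000", "1234", "1111"}
# UK premium-rate numbers start with 09 in national format.
PREMIUM_PREFIXES = ("09",)

def normalise(number):
    """Strip punctuation and rewrite +44 / 0044 numbers to UK national format."""
    digits = re.sub(r"[^\d+]", "", number)
    for intl in ("+44", "0044"):
        if digits.startswith(intl):
            return "0" + digits[len(intl):]
    return digits

def weak_pin(pin, extension):
    """Default, same as the extension, one repeated digit, or under 4 digits."""
    return (pin in DEFAULT_PINS or pin == extension
            or len(set(pin)) == 1 or len(pin) < 4)

def audit(export_text):
    """Return (extension, issue) pairs for every risky setting found."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        ext, pin = row["extension"].strip(), row["pin"].strip()
        target = normalise(row["forward_target"] or "")
        if weak_pin(pin, ext):
            findings.append((ext, "weak-or-default-pin"))
        if target.startswith(PREMIUM_PREFIXES):
            findings.append((ext, "forward-to-premium-rate"))
    return findings

if __name__ == "__main__":
    for ext, issue in audit(SAMPLE_EXPORT):
        print(f"extension {ext}: {issue}")
```
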

  9. #8

    SYSMAN_MK's Avatar
    Join Date
    Sep 2005
    Posts
    4,009
    Thank Post
    490
    Thanked 1,345 Times in 731 Posts
    Rep Power
    429
    Can also be done on your mobile. Crooks add a calling card / prefix number so you end up dialing premium rate number on all your calls.

  10. #9

    Join Date
    Dec 2008
    Location
    Plymouth
    Posts
    63
    Thank Post
    6
    Thanked 10 Times in 7 Posts
    Rep Power
    14
    Quote Originally Posted by Netman View Post
    Not the point though is it? I'm just trying to warn people as it was a new one on me. I was using the phrase that our comms company engineer used.
    The safest thing is to disable this feature on your system if you're not using it.
    Of course we will now check our 50+ extensions to ensure none still have the default PIN on them... end users though isn't it - you tell them to change it and what happens?
    Actually it IS the point. There is a vast chasm between a system that was hacked and a system that was completely compromised because your telecoms contractor couldn't be bothered to change default passwords!

  11. Thanks to Tamarside from:

    laserblazer (24th December 2008)

  12. #10


    Join Date
    Sep 2007
    Location
    UK
    Posts
    5,463
    Thank Post
    1,462
    Thanked 891 Times in 572 Posts
    Rep Power
    647
    It's Xmas guys so thanks to Netman for alerting us and Tamarside for reminding us to be more security minded.

  13. #11

    Domino's Avatar
    Join Date
    Oct 2006
    Location
    Bromley
    Posts
    4,127
    Thank Post
    217
    Thanked 1,322 Times in 812 Posts
    Blog Entries
    4
    Rep Power
    518
    Hacking: Unauthorized attempts to bypass the security mechanisms of an information system or network
    so, even if they guessed the password, they were unauthorized to do so - therefore, hacking.

    That's how the law sees it, as in this recent article: "Oil software exec pleads guilty to hacking charges" (The Register)

  14. Thanks to Domino from:

    Netman (1st April 2009)

  15. #12

    Join Date
    Dec 2008
    Location
    Plymouth
    Posts
    63
    Thank Post
    6
    Thanked 10 Times in 7 Posts
    Rep Power
    14
    Perhaps so, Domino, but according to the law it is a crime if you accessed somebody else's mailbox without permission (assuming they're not on your network) but in reality that person won't get much of a result popping in to their local police station to report the crime.

    The law is an ass, somebody once said. Certainly the law is having a nightmare just trying to keep up with technology.

    It is in this context that I say there is a massive difference between hacking and not securing systems. Most pentesters will agree when I say hacking a phone system is vastly different to accessing it (without permission) using unchanged default values.

    We'll have to agree to disagree here.

  16. #13

    Join Date
    Mar 2008
    Location
    Surrey
    Posts
    2,209
    Thank Post
    114
    Thanked 331 Times in 273 Posts
    Blog Entries
    4
    Rep Power
    115
    Quote Originally Posted by Tamarside View Post
    Perhaps so, Domino, but according to the law it is a crime if you accessed somebody else's mailbox without permission (assuming they're not on your network) but in reality that person won't get much of a result popping in to their local police station to report the crime.
    Depends what's in their mailbox, and what you do once you've accessed it. The police might not take an interest but your employers might.

    It is in this context that I say there is a massive difference between hacking and not securing systems. Most pentesters will agree when I say hacking a phone system is vastly different to accessing it (without permission) using unchanged default values.
    Given that social engineering is a recognised hacking technique, and research is essential to hacking, I'd say that essentially that's what happened here. It would've been hacking if the password had been changed to something obvious, say the area code of the school, so it'll be hacking if it's left at the default code.
    Last edited by jamesb; 2nd January 2009 at 09:57 AM.
