Telephone System Hacking
This article is extremely important; please take the time to read it.
By simply following this guide you can lock your phone system down and limit your exposure as much as possible:
Perhaps the best place to start is a simple series of questions:
When you leave your house, do you deliberately leave the front door open? Do you leave your car unlocked with the keys left in the ignition or perhaps carry your credit cards around in your wallet alongside a piece of paper with the PIN written upon it?
We’re confident that the answer to all of these questions would be no.
Your telephone system is no different.
You need to take the security of your telephone system every bit as seriously. If you haven’t been doing so up until now, it’s time to start.
So What Are We Talking About?
Telephone System Hacking is quite simply the theft of telephone calls, often to international destinations, premium rate numbers or international satellite numbers, by an unauthorised party.
It occurs when the security of your phone system or equipment is cracked, and can result in charges on your telephone bill running into many thousands of pounds.
Your telecoms provider is under no obligation to compensate you for such losses, nor is your telephone system maintainer.
Any calls originating from your system, lines or equipment, authorised or not, are your responsibility. You are liable for the cost.
Businesses using ‘on premise’ telephone systems and voicemail systems are particularly at risk if these systems are not secure.
It is a global, industry-wide problem with potentially devastating effects.
To give an idea of the scale of the problem, one anti-phreaking software provider cites this crime as costing global businesses USD $80 billion per annum. In the UK the crime is reportedly four times the size of credit card fraud annually.
How Can You Protect Your Business?
These are general guidelines, not an exhaustive list, and we urge you to contact all parties concerned with your own telephone system.
International and premium rate calls are often the target destination for fraudulent calls. We therefore recommend restricting such calls and allowing only the destinations you need to call. Most, but not all, phone systems offer this feature.
Out of Hours Calls:
Restrict outbound calling outside of your normal working hours. Most hackers gain access to your telephone system out of hours to remain undetected. It is during these hours that most fraudulent calls are placed.
This is by far the most common point of attack and it’s certainly the most often overlooked. Oddly it is also perhaps the most simple and effective form of protection to deploy:
Change your voicemail and/or user passwords as often as you can.
It is a simple process and takes seconds.
Telephone systems are designed to be accessed from the outside world to offer many of the excellent features they provide.
Access codes to gain entry to systems are standard and widely known.
The protection from any unauthorised access lies in the password.
Do not leave passwords at their default values and certainly do not remove the need for a password entirely.
Do not give out system passwords to individuals calling into your business claiming to be from your telephone system maintenance company. When system engineers arrive on your site, call your system maintainer to confirm it is one of their engineers before allowing them to carry out works.
Confidence scams such as the above are unfortunately a sure-fire way of hacking your systems, although they are extremely rare.
Unused Mailboxes & Phones:
When staff leave and/or are replaced, remember to disable their mailboxes and user credentials.
When a new member of staff joins remember to set up new credentials and new passwords.
Unused phones should be placed in a safe location and locked safely away.
There is the potential for someone entering your premises to remove such phones and place calls externally which could go unnoticed for months.
Once such a phone is obtained, call forwarding could be set up to route calls anywhere in the world, all through your system and your lines.
As with international and premium rate calls: do your staff need the ability to transfer calls externally or forward calls externally to their mobile phone, home, etc.? If not, we recommend you disable such functionality.
Call logging software can often send automatic emails warning of exceptional calls at odd times of day, to certain number types, or over certain lengths of time.
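The kind of rule such call logging applies, sketched as an added example (it is not from this article and not the code of any particular product): it scans call records for out-of-hours calls, international or premium rate destinations, and unusually long calls. The record layout, the working hours, the one-hour threshold and the sample records are all assumptions constructed for illustration.

```python
import csv
import io
from datetime import datetime

# Constructed sample call records (not real data); the column layout is an assumption.
SAMPLE_CDR = """start,extension,dialled,duration_s
2024-03-04 10:15:00,201,01632960123,240
2024-03-04 23:40:00,214,0088216000000,5400
2024-03-05 14:05:00,203,09001234567,90
2024-03-09 03:12:00,214,0035312345678,1800
2024-03-05 11:30:00,202,07700900123,4000
"""

WORK_START, WORK_END = 8, 18      # assumed working hours, Mon-Fri
MAX_DURATION_S = 3600             # assumed "exceptional length" threshold


def classify(dialled):
    """Rough UK dial-plan classification by prefix."""
    if dialled.startswith("00") or (dialled.startswith("+") and not dialled.startswith("+44")):
        return "international"
    if dialled.startswith("09"):
        return "premium"
    return "national"


def flag_calls(cdr_text):
    """Return (extension, dialled, reasons) for every record breaking a rule."""
    alerts = []
    for row in csv.DictReader(io.StringIO(cdr_text)):
        start = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
        reasons = []
        if start.weekday() >= 5 or not WORK_START <= start.hour < WORK_END:
            reasons.append("out-of-hours")
        kind = classify(row["dialled"])
        if kind != "national":
            reasons.append(kind)
        if int(row["duration_s"]) > MAX_DURATION_S:
            reasons.append("long-call")
        if reasons:
            alerts.append((row["extension"], row["dialled"], reasons))
    return alerts


if __name__ == "__main__":
    for ext, number, reasons in flag_calls(SAMPLE_CDR):
        print(f"ALERT ext {ext} -> {number}: {', '.join(reasons)}")
```

Calls that trip several rules at once, such as a long international call placed late at night from one extension, are the ones to escalate first.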
Staff should be vigilant
If line keys are lighting up on switchboards when no-one is on the phone, or users are reporting strange voicemail messages being left in their voicemail boxes, ensure they report it.
Then immediately report it to your maintainer.
These can both give an indication of unauthorised access, or at least of an attempt at it.
Such voicemail messages often have the following characteristics: repeated calls with dead tones, DTMF tones, foreign languages or even simple tapping on a microphone. If staff notice any of these things, again report it to your system maintainer immediately.
What Can We Do?
You can ask us to do the following:
- Disable certain call types and features on your telephone system
- Install anti-phreaking software to protect your phone system and immediately alert you if any fraudulent calls are occurring.
- Attend site to carry out a security audit and update/remove any users/phones/passwords as found appropriate.
Please contact us to discuss pricing.
If we are your service provider and bill you for calls and lines, we set up toll fraud monitoring on all lines as a matter of course.
This monitoring will not protect you from hacking, as there is always a slight delay between calls being placed and records of those calls reaching us. The length of the delay largely depends on the type of lines you are using. On SIP and Hosted phones, call barring and fraud alert management are automatic and almost instantaneous, covering you 24/7/365.
If we suspect a hacking attack is underway on your lines, we will bar calls at the earliest opportunity and contact you to check your security before raising any bar put in place.
Finally, if you suspect any attack on your phone system and we are your service provider and/or system maintainer: CONTACT US IMMEDIATELY