Along with eavesdropping and theft of information, your voicemail system is also vulnerable for financial exploitation. In the past decade, there have been numerous occurances of voicemail systems being hacked for financial gain. In many of these incidents the technique used was trying to force voicemail systems to place international calls to the Philippines, Cuba, or other countries. The number being dialed is similar in concept to the 900 numbers popular in the US, where the owner of the number will receive payment for every call that comes in. The calls are typically answered by another answering system that just tries to keep the automated call connected as long as possible. Since these are international calls, the owner of the phone system under attack will end up with a very large bill from their long distance carrier.
The hacker makes use of voicemail features such as “remote notification” or “off-site message notification”, typically used to call a cell phone or home number when a message has been left in a mailbox. These features can easily be activated through a user’s mailbox or through a system administrator’s mailbox when there is no password assigned, or if just a very simple password has been used.
We have been called on to analyze and protect many systems that have been attacked this way. We were even contacted by the FBI cyber-crimes division a few years ago to help them understand how these attacks were occurring. They had received many complaints regarding such attacks and wanted to understand more about how they were being perpetrated. There are a number of other methods of hijacking voicemail, besides the one mentioned above, that have been discovered as well, I will try to explain more about them and relate some specific incidents in upcoming posts.
What to look for?
1. Have any employees reported losing their password or finding their password changed?
2. Voicemail systems will usually notify you if someone had tried to enter your mailbox with an incorrect password- be suspicious if this occurs.
3. Be sure to note any odd activity on your phone system or voicemail system. Does the voicemail system appear to be busy often? Do outside lines appear to be in use when no one else is in the office such as after hours or at night?
4. Do your telephone bills show unusual activity such as frequent international calls to the Philippines or Cuba?
What to do?
If you have any of the above symptoms or note other suspicious activity, feel free to contact us promptly to discuss what might be occurring and what steps can be taken to protect your systems.
For preventative measures check the following:
1. Make sure passwords are being used by all users, and not just the default passwords.
2. Make sure passwords or other security measures are in place for all administrative functions.
3. The voicemail system can be programmed to block access to outside lines.
4. If the voicemail needs outside access (such as for cell phone notification), the ports can be toll restricted to prevent international calls or other 900 type calls.
5. Call logs can be automatically kept for most PBX systems, these can be reviewed to spot unusual and unauthorized activity.
As always, good security policies are needed- not only for physical security, and not just for your computer security, but also for your telephone and voicemail systems.
-Charles Patterson
Patterson Communications, Inc.
www.execsecurity.com