[cisco-voip] Fraud calls to Cuba - Please read

Corbett Enders cenders at homesbyavi.com
Wed Jan 7 22:26:56 EST 2009


Hello List,

I've got a situation with 2 remote sites.  Over the course of several days in late November, somehow the analog POTS line in the site (which we use for SRST backup) proceeded to make approx 4,940 calls to Cuba.  There wasn't really a pattern to the calls.  It started with a couple of repeated calls to the same number and from that point, the dialed number changed (not dialed in any sort of sequential pattern either).  Calls varied in duration from 0 seconds to many minutes long.  Sometimes the next call would happen right away and other times there would be several minutes delay between calls.  This proceeded to occur over the course of about a day and a half until the POTS provider called us and we blocked the line.

The analog line in the show home serves 2 purposes.  It is connected to the SRST FXO port on the Cisco 2801 router and also connects to the analog fax machine.

At this point, the POTS provider feels that somehow the 2801 router has been compromised and is being used to route calls out the FXO port.  We have a cordless phone on an ATA, and at first they felt this was the source but I indicated that any calls from the cordless phone would leave through our PRI in the main office, through the phone line on the FXO port.

Even if someone had managed to guess our admin password for the console of the router, I don't believe that person sitting on the Internet would be able to get a call to connect from their computer, through the Internet, and leave out our FXO port in our site.

I'm wondering if anyone on the list has some thoughts as to how the system could have been compromised or if it just isn't possible.  The POTS line is actually a digital line provided by Shaw (a local cable/telco in Alberta).  I feel that their "digital" phone terminal has been compromised though it isn't connected to the Internet in any way.  One other possibility is old school phone phreaking where someone has actually tapped into the physical line but they would have been sitting outside in the cold for a very long time making these crazy calls.

I look forward to any insight the collective brain power of this list can provide. The bill for these calls is over $6000.

Regards,
Corbett Enders.

Corbett Enders
Network Manager
Homes by Avi - 2007 Canadian Builder of the Year.
Tel: (403) 536-7170
Fax: (403) 536-7171
www.homesbyavi.com
