[VoiceOps] Hackin attempts to Broadsoft voice portal

Scott Berkman scott at sberkman.net
Mon Nov 9 11:12:29 EST 2009

Toll fraud is illegal and is actively investigated by multiple federal organizations including the FBI:




If you have the time to try and contact them, that is certainly reasonable for you to do, but keep in mind that in theory they could confiscate your equipment as evidence.


The best thing you can do is fight it from effecting anything.  If the attacks really are coming from one specific number (as opposed to changing due to spoofing) you might be able to block the calls at your SBC or other ingress point.




From: voiceops-bounces at voiceops.org [mailto:voiceops-bounces at voiceops.org] On Behalf Of Ujjval Karihaloo
Sent: Sunday, November 08, 2009 1:49 PM
To: Russell McConnachie
Cc: voiceops at voiceops.org
Subject: Re: [VoiceOps] Hackin attempts to Broadsoft voice portal


Thx a lot Russell. We already have those measures in place, just want to see if we can do anything else about these hackers


Ujjval Karihaloo

VP Voice Engineering

IP Phone: +13032428610

E-Fax: +17202391690


SimpleSignal Inc.

88 Inverness Circle East

Suite K105

Englewood, CO  80112

 <http://www.simplesignal.com/> bvoip


From: Russell McConnachie [mailto:russell at mcconnachie.ca] 
Sent: Sunday, November 08, 2009 11:45 AM
To: Ujjval Karihaloo
Cc: voiceops at voiceops.org
Subject: Re: [VoiceOps] Hackin attempts to Broadsoft voice portal


Hi Ujjval 

I have had this problem also with malicious hackers attacking my voicemail boxes and making outbound calls to International destinations (Usually the Phillipines).

For the time being - I have disabled all outbound dialing through the Voice Portal. If my subscribers want a function such as this they can either use one of two things.

1.	Remote Office
2.	BroadWorks Anywhere.

Also increasing the password policies for Voice Portal/Voice Mail Passwords does help, No longer do I allow passwords which are shorter than 5 characters (As most attackers use the default 0000, 1234, 7890 password combinations). 

I am in Canada and I haven't found anything I can do besides that. 


On Sun, Nov 8, 2009 at 10:26, Ujjval Karihaloo <ujjval at simplesignal.com> wrote:

Lot of failed attempts from 1 particular number.... 15096346223.


Seems to be scanning thru voice mail boxes serially attempting passwds & locking them out.


Last time v saw this i tracked this to be a magic jack number, i called back & a person answered & said that he can fix my voice mail for me if i gave him my password. I emailed magicjack support & they never responded.


Is there anything we can do to bring these malicious hackers to justice? Any one has experience un this area legally given that these hackers are mostly outside the US. 


Ujjval Karihaloo

VP Voice Engineering

SimpleSignal Inc.

IP Phone: +13032428610

Sent from my iphone

VoiceOps mailing list
VoiceOps at voiceops.org


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/voiceops/attachments/20091109/88657cf5/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 3391 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/voiceops/attachments/20091109/88657cf5/attachment.jpe>

More information about the VoiceOps mailing list