[VoiceOps] Hackin attempts to Broadsoft voice portal

Dawson, Robert robert.dawson at mindshift.com
Mon Nov 9 14:33:51 EST 2009


As an FYI, the Call Forward Always service can be exploited through the portal as well, we had a customer with some weak passwords attacked that way.

 

To combat the problem on our BS platform we disabled call forwarding control and Voice Portal Dialing through the menus and implemented strong password policies and a forced password change across all groups. We have also started limiting international dialing on new provisioning except for accounts specifically requested to have the feature and have started strongly recommending account codes. Broadsoft does have some “best practices” type documents.

 

Most of the attacks we’ve seen have been related to “straight” fraudulent calls, i.e. offshores special services numbers,  but we actually had a directed attack at one customer where the attackers were using a compromised account to place calls to internal extensions and attempting to utilize social engineering to obtain network login credentials. Neither the FBI, nor in that case of the directed attack local law enforcement, have shown any interest in any of the cases that I know of, including one affecting a Federal agency.

 

Additionally, most of the attacks that we have seen have involved spoofed numbers, the Florida State Police in one example.

 

From: voiceops-bounces at voiceops.org [mailto:voiceops-bounces at voiceops.org] On Behalf Of Ujjval Karihaloo
Sent: Sunday, November 08, 2009 1:49 PM
To: Russell McConnachie
Cc: voiceops at voiceops.org
Subject: Re: [VoiceOps] Hackin attempts to Broadsoft voice portal

 

Thx a lot Russell. We already have those measures in place, just want to see if we can do anything else about these hackers

 

Ujjval Karihaloo

VP Voice Engineering

IP Phone: +13032428610

E-Fax: +17202391690

 

SimpleSignal Inc.

88 Inverness Circle East

Suite K105

Englewood, CO  80112

  <http://www.simplesignal.com/> 

 

From: Russell McConnachie [mailto:russell at mcconnachie.ca] 
Sent: Sunday, November 08, 2009 11:45 AM
To: Ujjval Karihaloo
Cc: voiceops at voiceops.org
Subject: Re: [VoiceOps] Hackin attempts to Broadsoft voice portal

 

Hi Ujjval 

I have had this problem also with malicious hackers attacking my voicemail boxes and making outbound calls to International destinations (Usually the Phillipines).

For the time being - I have disabled all outbound dialing through the Voice Portal. If my subscribers want a function such as this they can either use one of two things.

1.	Remote Office
2.	BroadWorks Anywhere.

Also increasing the password policies for Voice Portal/Voice Mail Passwords does help, No longer do I allow passwords which are shorter than 5 characters (As most attackers use the default 0000, 1234, 7890 password combinations). 

I am in Canada and I haven't found anything I can do besides that. 

Thanks

On Sun, Nov 8, 2009 at 10:26, Ujjval Karihaloo <ujjval at simplesignal.com> wrote:

Lot of failed attempts from 1 particular number.... 15096346223.

 

Seems to be scanning thru voice mail boxes serially attempting passwds & locking them out.

 

Last time v saw this i tracked this to be a magic jack number, i called back & a person answered & said that he can fix my voice mail for me if i gave him my password. I emailed magicjack support & they never responded.

 

Is there anything we can do to bring these malicious hackers to justice? Any one has experience un this area legally given that these hackers are mostly outside the US. 

 

Ujjval Karihaloo

VP Voice Engineering

SimpleSignal Inc.

IP Phone: +13032428610

Sent from my iphone


_______________________________________________
VoiceOps mailing list
VoiceOps at voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/voiceops/attachments/20091109/9dc410c9/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 3391 bytes
Desc: image001.jpg
URL: <https://puck.nether.net/pipermail/voiceops/attachments/20091109/9dc410c9/attachment-0001.jpe>


More information about the VoiceOps mailing list