[VoiceOps] h.323 breech and toll fraud case

[Carlos Alvarez]

A company we work closely with, but is not our customer, had their Cisco 
Call Manager hacked due to some h.323 vulnerability that I don't have 
full details on yet.  There were a number of calls placed to:

881835211540
881835211556
881835211547

My findings indicate these are Globalstar satellite numbers that cost 
somewhere between $4 and $7/minute to call, depending on carrier.  The 
victim's carrier is billing them at $6.50.  The total bill for the event 
is around $13k.  This is a small company that can't really afford this. 
  I am not an interested party in the sense that it wasn't on our 
network, but it's a company we work with a lot and want to help.  I also 
want to learn from this to potentially protect our own network.

Some questions...

1.  What is the scam here?  The recipient of those calls doesn't gain 
anything, and placing a few calls to three specific satellite phones 
seems to have little purpose.  Many of the calls were concurrent.  It 
all happened in the span of just a few hours.

2.  Anyone experienced the same thing with those numbers or similar numbers?

3.  About a year ago I attended an FBI presentation on VoIP fraud and 
there was a VoIP specialist who gave his contact info, but I can't find 
it.  What is the best way for this company to report this crime?

-- 
Carlos Alvarez
TelEvolve
602-889-3003