[VoiceOps] h.323 breech and toll fraud case
Carlos Alvarez
carlos at televolve.com
Wed Jan 26 18:20:51 EST 2011
A company we work closely with, but is not our customer, had their Cisco
Call Manager hacked due to some h.323 vulnerability that I don't have
full details on yet. There were a number of calls placed to:
881835211540
881835211556
881835211547
My findings indicate these are Globalstar satellite numbers that cost
somewhere between $4 and $7/minute to call, depending on carrier. The
victim's carrier is billing them at $6.50. The total bill for the event
is around $13k. This is a small company that can't really afford this.
I am not an interested party in the sense that it wasn't on our
network, but it's a company we work with a lot and want to help. I also
want to learn from this to potentially protect our own network.
Some questions...
1. What is the scam here? The recipient of those calls doesn't gain
anything, and placing a few calls to three specific satellite phones
seems to have little purpose. Many of the calls were concurrent. It
all happened in the span of just a few hours.
2. Anyone experienced the same thing with those numbers or similar numbers?
3. About a year ago I attended an FBI presentation on VoIP fraud and
there was a VoIP specialist who gave his contact info, but I can't find
it. What is the best way for this company to report this crime?
--
Carlos Alvarez
TelEvolve
602-889-3003
More information about the VoiceOps
mailing list