Instruction manual
Introduction
2-4 Issue 9 May 2003
Known toll fraud activity
Understanding how hackers penetrate your system is the first step in learning 
what to do to protect your company. Be aware that hackers communicate very 
well, are extremely resourceful, and are persistent. The following is a list of known 
methods hackers use to break into systems.
■ PBX-based activity
— Maintenance port
Maintenance ports are the most recent target of abuse. In this 
scenario, hackers find a PBX maintenance port number with their 
“war dialer,” a device that randomly dials telephone numbers until a 
modem or dial tone is obtained. They then “hack” the user ID and 
password, sometimes just by using the PBX default passwords, to 
enter your system. Good password selection decreases the 
possibility of being hacked via the maintenance port to virtually zero.
This is the most dangerous type of abuse because once in your 
system, the hackers have control over all the administrative 
commands. While in your system, they have been known to:
— Turn on Remote Access or Direct Inward System Access 
(DISA). (On some communications systems, this is a “yes” or 
“no” option.) These situations can be difficult to detect.
Hackers have been known to change the system at 8:00 p.m. 
to allow fraudulent calls. Then, at 3:00 a.m., they reprogram 
the system back to its original configuration. One company 
was hit three weekends in a row before they realized what 
was happening.
— Turn off Call Detail Recording (CDR) or Station Message 
Detail Recording (SMDR) and hack your system all weekend, 
and then turn it back on before Monday morning. This is 
especially disturbing to managers who are security conscious 
and check the CDR/SMDR reports every morning looking for 
suspicious activity. They will not see records of the calls 
because CDR/SMDR was turned off by the hackers. The 
administrator may notice the absence of CDR/SMDR records 
for evening, night, and weekend calls made by employees.
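The missing-records symptom described above can be checked automatically. The following is an added example, not part of the original manual: it scans call-record timestamps for silent stretches longer than a site-specific threshold. The record layout, the sample lines, and the 16-hour threshold are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample records (not real data). Assumed layout:
# "YYYY-MM-DD HH:MM,extension,dialed_number,duration_seconds"
SAMPLE_CDR = """\
2003-05-02 09:15,2101,5550100,184
2003-05-02 14:40,2144,5550123,62
2003-05-02 17:55,2101,5550177,305
2003-05-02 19:30,2230,5550142,47
2003-05-05 06:45,2007,5550111,95
2003-05-05 08:10,2144,5550123,210
2003-05-05 09:02,2101,5550100,33
""".splitlines()

def parse_cdr_times(lines):
    """Return the sorted call start times from the assumed CSV layout."""
    stamps = (line.split(",")[0] for line in lines if line.strip())
    return sorted(datetime.strptime(s, "%Y-%m-%d %H:%M") for s in stamps)

def find_cdr_gaps(times, window_start, window_end, max_silence):
    """Return (start, end) stretches inside the window with no call records
    for longer than max_silence, including silence at either window edge."""
    gaps, prev = [], window_start
    for t in times + [window_end]:
        if t < window_start:
            continue
        t = min(t, window_end)
        if t - prev > max_silence:
            gaps.append((prev, t))
        prev = t
    return gaps

def covers_weekend(gap):
    """True if any hour of the gap falls on a Saturday or Sunday."""
    t, end = gap
    while t < end:
        if t.weekday() >= 5:
            return True
        t += timedelta(hours=1)
    return False

if __name__ == "__main__":
    # Assumption: this site normally logs at least one call every 16 hours.
    gaps = find_cdr_gaps(parse_cdr_times(SAMPLE_CDR), datetime(2003, 5, 2, 8, 0),
                         datetime(2003, 5, 5, 10, 0), timedelta(hours=16))
    for start, end in gaps:
        tag = "weekend" if covers_weekend((start, end)) else "weekday"
        print(f"No CDR records from {start} to {end} ({tag}): verify CDR was enabled")
```

Set the silence threshold from the site's own historical off-hours call volume; a gap that spans a whole weekend at a site where employees normally place evening and weekend calls is the pattern the manual describes.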










