<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p
        {mso-style-priority:99;
        mso-margin-top-alt:auto;
        margin-right:0in;
        mso-margin-bottom-alt:auto;
        margin-left:0in;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
        {mso-style-priority:34;
        margin-top:0in;
        margin-right:0in;
        margin-bottom:0in;
        margin-left:.5in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
span.EmailStyle18
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;}
@page Section1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
        {page:Section1;}
/* List Definitions */
@list l0
        {mso-list-id:47994923;
        mso-list-type:hybrid;
        mso-list-template-ids:627446424 67698713 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l0:level1
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;}
ol
        {margin-bottom:0in;}
ul
        {margin-bottom:0in;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>I made a comment about this at Astridevcon. We have seen an
increase in Automated Brute Force hacking attempts against publicly
accessible VoIP systems. Basically, the hackers use an automated tool to hack
into a VoIP system w/ insecure passwords (a la extension 100 w/ a password of
100). Once they gain access, they use it to either:<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><span
style='mso-list:Ignore'>a.<span style='font:7.0pt "Times New Roman"'>
</span></span></span><![endif]><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Send a bunch of calls to places like Cuba, where costs can be $.30
/ minute.<o:p></o:p></span></p>
<p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span
style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><span
style='mso-list:Ignore'>b.<span style='font:7.0pt "Times New Roman"'>
</span></span></span><![endif]><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Have an auto-dialer blast out calls for credit-card scamming.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>There was an FBI announcement not too long ago about a "Vishing"
scam that was targeting Asterisk PBX systems:<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>http://blogs.digium.com/2008/12/06/sip-security-and-asterisk/<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>At this point, if you have your VoIP system attached to the
public Internet, and are not taking security precautions such as using strong
passwords and judicious firewalling, it is only a matter of time until you get
hacked.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div style='border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt'>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>
asterisk-biz-bounces@lists.digium.com
[mailto:asterisk-biz-bounces@lists.digium.com] <b>On Behalf Of </b>Jai Rangi<br>
<b>Sent:</b> Saturday, February 07, 2009 6:57 PM<br>
<b>To:</b> Commercial and Business-Oriented Asterisk Discussion<br>
<b>Subject:</b> Re: [asterisk-biz] PBX got Hacked<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal style='margin-bottom:12.0pt'>$2000 calls in one hour? The
fraud user must be a professional hacker and should have some kind of VoIP
system and 10s (if not hundreds) of friends calling at the same time. <br>
<br>
<o:p></o:p></p>
<div>
<p class=MsoNormal>On Sat, Feb 7, 2009 at 3:46 PM, Gregory Boehnlein &lt;<a
href="mailto:damin@nacs.net">damin@nacs.net</a>&gt; wrote:<o:p></o:p></p>
<div>
<div>
<p><span style='font-size:11.0pt;color:#1F497D'>Let me guess...</span><o:p></o:p></p>
<p><span style='font-size:11.0pt;color:#1F497D'>&nbsp;</span><o:p></o:p></p>
<p style='text-indent:-.25in'><span style='font-size:11.0pt;color:#1F497D'>1.</span><span
style='font-size:7.0pt;color:#1F497D'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span><span
style='font-size:11.0pt;color:#1F497D'>The Switchvox was open to the Internet</span><o:p></o:p></p>
<p style='text-indent:-.25in'><span style='font-size:11.0pt;color:#1F497D'>2.</span><span
style='font-size:7.0pt;color:#1F497D'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span><span
style='font-size:11.0pt;color:#1F497D'>The extensions were simple (three / four
digits) and the passwords matched the extensions</span><o:p></o:p></p>
<p style='text-indent:-.25in'><span style='font-size:11.0pt;color:#1F497D'>3.</span><span
style='font-size:7.0pt;color:#1F497D'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span><span
style='font-size:11.0pt;color:#1F497D'>The attacker was able to register from
the public Internet as one of the users and send the calls.</span><o:p></o:p></p>
<p><span style='font-size:11.0pt;color:#1F497D'>&nbsp;</span><o:p></o:p></p>
<p><span style='font-size:11.0pt;color:#1F497D'>Sounds much more like an
installation done by someone who had no clue about IP security. Don't blame
Switchvox for the installer's lack of a clue.. Switchvox is designed to run
behind a firewall, and best practices for installation would dictate that you
be very paranoid about what to allow to communicate w/ the PBX. Allowing it to
be openly accessed on the Public Internet is sheer stupidity.</span><o:p></o:p></p>
<p><span style='font-size:11.0pt;color:#1F497D'>&nbsp;</span><o:p></o:p></p>
<p><span style='font-size:11.0pt;color:#1F497D'>So.. what am I missing here?</span><o:p></o:p></p>
<p><span style='font-size:11.0pt;color:#1F497D'>&nbsp;</span><o:p></o:p></p>
<div style='border:none;border-left:solid windowtext 1.5pt;padding:0in 0in 0in 4.0pt;
border-color:-moz-use-text-color -moz-use-text-color -moz-use-text-color blue'>
<div>
<div style='border:none;border-top:solid windowtext 1.0pt;padding:3.0pt 0in 0in 0in;
border-color:-moz-use-text-color -moz-use-text-color'>
<p><b><span style='font-size:10.0pt'>From:</span></b><span style='font-size:
10.0pt'> <a href="mailto:asterisk-biz-bounces@lists.digium.com" target="_blank">asterisk-biz-bounces@lists.digium.com</a>
[mailto:<a href="mailto:asterisk-biz-bounces@lists.digium.com" target="_blank">asterisk-biz-bounces@lists.digium.com</a>]
<b>On Behalf Of </b>VIP Carrier<br>
<b>Sent:</b> Saturday, February 07, 2009 6:36 PM<br>
<b>To:</b> Commercial and Business-Oriented Asterisk Discussion<br>
<b>Subject:</b> [asterisk-biz] PBX got Hacked</span><o:p></o:p></p>
</div>
</div>
<p>&nbsp;<o:p></o:p></p>
<div>
<div>
<p class=MsoNormal style='margin-bottom:12.0pt'>Guys,<br>
I can't believe that our client's PBX got hacked today.<br>
My client has a SwitchVOX SMB and it got hacked!<br>
Some F@ckers with the following IPs <br>
91.121.132.208<br>
69.60.114.222<br>
were able to send calls in a matter of 1 hr for more than $2000<br>
<br>
What can I say, stay away from switchvox <o:p></o:p></p>
</div>
</div>
<p class=MsoNormal><span style='color:#888888'>-- <br>
This message has been scanned for viruses and <br>
dangerous content by <a
href="http://www.n2net.net/Products.asp?PageId=1&SubId=14" target="_blank"><b>N2Net
Mailshield</b></a><b>, and is <br>
believed to be clean. </b></span><b><o:p></o:p></b></p>
</div>
</div>
</div>
<p class=MsoNormal><b><br>
_______________________________________________<br>
--Bandwidth and Colocation Provided by <a href="http://www.api-digital.com--"
target="_blank">http://www.api-digital.com--</a><br>
<br>
asterisk-biz mailing list<br>
To UNSUBSCRIBE or update options visit:<br>
<a href="http://lists.digium.com/mailman/listinfo/asterisk-biz"
target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-biz</a><o:p></o:p></b></p>
</div>
</div>
</div>
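<p class=MsoNormal>An added example, not part of the original thread or of any participant's message: a defensive audit for the weakness the thread describes, extensions whose SIP password matches the extension or is otherwise trivially guessable. It assumes an Asterisk chan_sip style sip.conf where each section name is the extension and <b>secret</b> holds the password; the sample configuration, the function names and the 12-character minimum are constructed for illustration.</p>

```python
import re

# Constructed sample in Asterisk sip.conf style (not taken from the thread).
SAMPLE_SIP_CONF = """\
[general]
bindport=5060
[100]
secret=100
[101]
secret=1234
[102]
secret=q7V-kd92!mPz4xRt
[103]
type=friend
"""

def parse_peers(text):
    """Return {section: {key: value}} for every section except [general]."""
    peers, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment (escaped '\;' not handled)
        m = re.fullmatch(r"\[([^\]]+)\](?:\(.*\))?", line)
        if m:
            current = m.group(1)
            if current != "general":
                peers[current] = {}
        elif current in peers and "=" in line:
            key, value = line.split("=", 1)
            peers[current][key.strip().lower()] = value.strip()
    return peers

def audit(peers, min_len=12):
    """Map each weak peer to the reason its secret is guessable."""
    findings = {}
    for name, opts in peers.items():
        secret = opts.get("secret", "")
        if "md5secret" in opts:
            continue  # hashed secret: strength cannot be judged from the file
        if not secret:
            findings[name] = "no secret set"
        elif secret == name:
            findings[name] = "secret equals extension"
        elif secret.isdigit():
            findings[name] = "numeric-only secret"
        elif len(secret) < min_len:
            findings[name] = "secret shorter than %d characters" % min_len
    return findings

if __name__ == "__main__":
    print(audit(parse_peers(SAMPLE_SIP_CONF)))
```

<p class=MsoNormal>Run it against a copy of the peer definitions before a PBX is exposed beyond the firewall; any finding is an account an automated guesser would reach quickly.</p>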
</body>
</html>