[asterisk-users] fraud advice

Jeff LaCoursiere jeff at sunfone.com
Fri Oct 15 10:50:18 CDT 2010


On Fri, 2010-10-15 at 11:20 -0400, Steve Totaro wrote:

> This is nothing new.  Trunk to trunk transfers and other exploits
> could be used on old school phone systems to do the same thing.
> 
> I would start with getting the current balance, if over $10k call the
> FBI, call them anyways, it couldn't hurt.  You want the Feds to check
> things out before local police if possible.
> 
> Gather as much info as possible, along with police and FBI case
> numbers and then call the carrier and see what can be done.
> 
> A friend of mine took what was supposed to be my one month rotation to
> Iraq.  I had too much going on to be in Iraq for a month and a half
> and had taken the last rotation so it wasn't even my turn.
> 
> The phone bill came for his cell (company provided on Asia Cell) for
> $4k in just a couple weeks.  It turns out that he was not using the
> cell and one of the cleaning people stole his SIM.
> 
> After contacting Asia Cell a few times about the matter, they credited
> the whole amount back.  So you never know.
> 
> As for security, I assume you need to allow these extensions to
> register from outside the LAN?  If not, then only allow them to
> register via a LAN IP, I would do it with iptables, only allow the
> provider IP through.
> 
> I am curious what your user:pass was?  Something like 1000:1000, I see
> many systems set up like this and am surprised they haven't been hit
> yet.
> 
> In the future, you could use a scheme that makes it much more secure
> and also pretty easy to maintain.
> 
> The username could be the MAC and the pass could be the serial number
> or asset tags if you use them.
> 
> I know there must be dozens of people reading this that have had the
> same issue but are embarrassed to speak up.
> 

Thanks Steve - that is the kind of advice I was looking for.  I'm
willing to take my lumps for the weak passwords on those accounts, and
the lack of any filtering.  I do understand the issues and the steps I
need to take to better secure the switches in service, and just need to
get off my a$$ and do it.

Mainly I am hoping to hear from someone who has gone through the
aftermath - as you mention above.  So far I have had a discussion with
the carrier who is "opening an investigation".  I'll contact the FBI
today as well.  I'll send an update when this is all over for posterity.


> (BTW Sierra Leone is in West Africa, not the Middle East.)
> 

True ;)  Most of the calls were Iraq, UAE, Lebanon... Found another one
today that was 2.5 DAYS long to Chile.  Bizarre.

j




