[asterisk-users] fraud advice
Andrew Latham
lathama at gmail.com
Fri Oct 15 11:07:26 CDT 2010
I would like to know about that Chile destination.
Always start here: http://www.spamhaus.org/drop/
~
Andrew "lathama" Latham
lathama at gmail.com
* Learn more about OSS http://en.wikipedia.org/wiki/Open-source_software
* Learn more about Linux http://en.wikipedia.org/wiki/Linux
* Learn more about Tux http://en.wikipedia.org/wiki/Tux
On Fri, Oct 15, 2010 at 12:50 PM, Jeff LaCoursiere <jeff at sunfone.com> wrote:
> On Fri, 2010-10-15 at 11:20 -0400, Steve Totaro wrote:
>
>> This is nothing new. Trunk to trunk transfers and other exploits
>> could be used on old school phone systems to do the same thing.
>>
>> I would start with getting the current balance, if over $10k call the
>> FBI, call them anyways, it couldn't hurt. You want the Feds to check
>> things out before local police if possible.
>>
>> Gather as much info as possible, along with police and FBI case
>> numbers and then call the carrier and see what can be done.
>>
>> A friend of mine took what was supposed to be my one month rotation to
>> Iraq. I had too much going on to be in Iraq for a month and a half
>> and had taken the last rotation so it wasn't even my turn.
>>
>> The phone bill came for his cell (company provided on Asia Cell) for
>> $4k in just a couple weeks. It turns out that he was not using the
>> cell and one of the cleaning people stole his SIM.
>>
>> After contacting Asia Cell a few times about the matter, they credited
>> the whole amount back. So you never know.
>>
>> As for security, I assume you need to allow these extensions to
>> register from outside the LAN? If not, then only allow them to
>> register via a LAN IP, I would do it with iptables, only allow the
>> provider IP through.
>>
>> I am curious what your user:pass was? Something like 1000:1000? I see
>> many systems set up like this and am surprised they haven't been hit
>> yet.
>>
>> In the future, you could use a scheme that makes it much more secure
>> and also pretty easy to maintain.
>>
>> The username could be the MAC and the pass could be the serial number
>> or asset tags if you use them.
>>
>> I know there must be dozens of people reading this that have had the
>> same issue but are embarrassed to speak up.
>>
>
> Thanks Steve - that is the kind of advice I was looking for. I'm
> willing to take my lumps for the weak passwords on those accounts, and
> the lack of any filtering. I do understand the issues and the steps I
> need to take to better secure the switches in service, and just need to
> get off my a$$ and do it.
>
> Mainly I am hoping to hear from someone who has gone through the
> aftermath - as you mention above. So far I have had a discussion with
> the carrier who is "opening an investigation". I'll contact the FBI
> today as well. I'll send an update when this is all over for posterity.
>
>
>> (BTW Sierra Leone is in West Africa, not the Middle East.)
>>
>
> True ;) Most of the calls were Iraq, UAE, Lebanon... Found another one
> today that was 2.5 DAYS long to Chile. Bizarre.
>
> j
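
Added example (not part of the original thread and not Asterisk project code): a small audit of a chan_sip `sip.conf` for the two weaknesses discussed in the quoted messages, extensions whose secret matches the username (the 1000:1000 pattern) and extensions that can register from any address. The sample config, the peer names and the 12-character threshold are constructed assumptions.

```python
import re

# Constructed sample sip.conf (not from the thread); peers and secrets are made up.
SAMPLE_SIP_CONF = """\
[1000]              ; the 1000:1000 pattern mentioned in the thread
host=dynamic
secret=1000
[1001]
host=dynamic
secret=4821
deny=0.0.0.0/0.0.0.0
permit=192.168.1.0/255.255.255.0
[lobby-phone]
host=dynamic
secret=t7Qm-x2LpV9c_rKe
deny=0.0.0.0/0.0.0.0
permit=192.168.1.0/255.255.255.0
"""

def parse_peers(text):
    """Return {section: {key: [values]}} for every section except [general]."""
    peers, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()   # ';' starts a comment in Asterisk configs
        header = re.match(r"\[([^\]]+)\]", line)
        if header:
            current = header.group(1)
            peers[current] = {}
        elif "=" in line and current:
            key, value = line.split("=", 1)   # also accepts the 'key => value' form
            peers[current].setdefault(key.strip().lower(), []).append(value.lstrip(">").strip())
    peers.pop("general", None)                # global settings are not a peer
    return peers

def audit(text, min_len=12):
    """Map each peer to a list of findings; an empty list means nothing was flagged."""
    report = {}
    for name, opts in parse_peers(text).items():
        secret = (opts.get("secret") or [""])[0]
        findings = []
        if secret == name:
            findings.append("secret equals username")
        if len(secret) < min_len or secret.isdigit():
            findings.append("short or numeric-only secret")
        # host=dynamic with no permit line means the peer may register from anywhere
        if opts.get("host") == ["dynamic"] and not opts.get("permit"):
            findings.append("registers from any IP (no permit/deny ACL)")
        report[name] = findings
    return report
```

Calling `audit(open("/etc/asterisk/sip.conf").read())` returns one entry per extension; the per-peer `permit`/`deny` check complements, rather than replaces, the iptables filtering suggested in the thread.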