[asterisk-users] fraud advice

[Jeff LaCoursiere]

Hi,

Embarrassed as I am to write this, I am hoping for some advice.  One of 
our very first PBX installs, now six years old, was "taken advantage of" 
over the past few weeks.  A victim of sipvicious, I assume, that managed 
to guess one of the SIP passwords.  4000 calls to various middle eastern 
destinations have been placed, which ended up being sent over our 
customer's PSTN trunk, and of course there was no warning until the bill 
came today.  Unfortunately the bill only covered the first few days of 
this fiasco, and was only $700.  I am afraid the one that is on the way 
will be tens of thousands.  ONE CALL on the bill that just arrived was 
$200 (80 minutes to Sierra Leone).

I'm sure this started out as a single scan.  It must have been posted, 
because I have at least ten IP addresses now that were placing calls via 
the same peer.  They are from all over the world.

So what is the accepted procedure?  I'm in the US Virgin Islands, so do I 
go to the FBI?  Police?  Is their some telecom fraud body to report such 
things to?  Does any one ever get any relief from such events?

I'm basically sick to my stomach right now.

j