The phreaker exploited weak/default PIN codes protecting the voice mail system and were able to dial in to the voice mail system and originate an outgoing international call, in similar to DISA or call forward exploits. it is also a reminder that toll fraud was here long before IPT.
These cases really sums up the recipe for a good toll fraud:
- PBX and added value components configured in an insecure manner
- Unneeded services and options are left on by default
- Weak authentication meathods, default or easy to guess PIN codes
- No monitoring of system utilization, call logs, abnormal events
- And finally one or more indeviduals with the passion to call some exotic far away place or simply to make money on an unsuspecting PBX owner expense.
No comments:
Post a Comment