[VOIPSEC] [ZDnet news] PABX hackers rack up $9000 phone bill
Shawn Merdinger
shawnmer at gmail.com
Thu Oct 19 07:17:29 CDT 2006
"...the one piece of equipment no one really knew anything about..."
--scm
================================================================
http://m-net.net.nz/latest-news/781/pabx-hackers-rack-up-9000-phone-bill/1/read.php
PABX hackers rack up $9000 phone bill
Ken Lewis
Wednesday, 18 October 2006
An Australian company has discovered that airtight server security is
not always enough after hackers broke into its telephone system and
racked up a AU$9000 bill within a week.

The company's IT manager and finance director told ZDNet Australia
that hackers broke into the firm's Nortel PABX system and used its
call-forwarding functions to run up the huge bill.

The manager, who would only speak anonymously, admitted that despite
good security on their server and network, the one piece of equipment
no one really knew anything about was the PABX system, which just
happened to be one of the most expensive.

"Over a one-week period there were an enormous amount of calls made -
there were two and three-hour calls made to the Arab Emirates,
Somalia, and other countries in Africa and South America," he told the
website.

He said the company left some unused features on its PABX enabled,
which most likely made the hack relatively easy. He advised other
companies with a PABX to arrange a security audit, ensure they know
exactly what services are enabled and to change their passwords
regularly.

He said the cost of the experience was about eight times the company's
normal monthly phone bill. "I thought international calls were
relatively cheap these days, but when you call the Arab Emirates for
three hours it is not cheap."