{"id":860,"date":"2009-07-18T14:10:30","date_gmt":"2009-07-18T18:10:30","guid":{"rendered":"http:\/\/rbach.net\/blog\/?p=860"},"modified":"2022-12-30T12:14:35","modified_gmt":"2022-12-30T17:14:35","slug":"weak-pbx-passwords-cost-55-million","status":"publish","type":"post","link":"https:\/\/rbach.net\/index.php\/weak-pbx-passwords-cost-55-million\/","title":{"rendered":"Weak PBX Passwords Cost $55 Million"},"content":{"rendered":"

\"WeakThe U.S. Justice Department<\/a> unsealed indictments against three Filipino residents on 06-12-2009 for an international PBX hacking scheme. According to Security Fix<\/a><\/em>, the three are accused of hacking into thousands of private telephone networks in the U.S. and abroad, and then selling access to those networks at call centers in Italy that advertised cheap international calls and used the profits to help finance terrorist groups in Southeast Asia.<\/p>\n

\"brokeThe U.S. government alleges that the people arrested in the Philippines<\/a> were responsible for hacking private branch exchange (PBX) systems and voice mail systems owned by more than 2,500 companies worldwide. The indictments<\/a> allege that between October 2005 and December 2008, Manila residents Mahmoud Nusier, Paul Michael Kwan and Nancy Gomez broke into PBX and voice mail systems, mainly by exploiting factory-set or default passwords on the systems. According to Erez Liebermann,\u00a0 assistant U.S. attorney for New Jersey, “The default passwords were left open in most of these PBX systems<\/a>.”<\/p>\n

The government charges that Italian call center operators paid the hackers $100 for each hacked PBX system they found. The defendants are charged with computer hacking, conspiracy to commit wire fraud, and access device fraud. The case was filed in the U.S. District Court of New Jersey, the home of long-distance provider AT&T. The documents allege the thieves used the hacked PBX systems to relay more than 12 million minutes in unauthorized international phone calls, or $55 million worth of telephone charges.<\/p>\n

According to Reuters<\/a><\/em> the defendants allegedly sold access to the compromised systems to 40-year-old Pakistani Mohammed Zamir, the manager of a call center in Brescia, Italy<\/a>. Italian authorities arrested Zamir and at least four other Pakistani men operating call centers throughout Northern<\/a> Italy. According to the AP<\/a> and Carlo De Stefano, head of Italy’s anti-terrorism police unit, much of the proceeds were sent to the Philippines and may have been forwarded to Islamic extremist groups<\/a> in the region, including Al-Qaeda-linked Abu Sayyaf. \u201cThere are strong suspicions and some clues, but nothing concrete,\u201d De Stefano said.<\/p>\n

Rb-<\/em><\/strong><\/p>\n

No matter the system (TCM, VoIP<\/a>, SIP, T’s) sloppy installation practices can make any type of system vulnerable. That’s why I always include a requirement that all manufacturer and VAR account passwords be changed before the equipment is brought on-site and that they are changed by the Owner at the time of acceptance of the system. I have started to back this up by tying this requirement to their PLM bond requirements. <\/em><\/p>\n

We also recommend to our clients that they disable international calling by default on their system and only allow it as required, based on the concept of least privilege<\/a>.<\/em><\/p>\n

 <\/p>\n

Ralph Bach<\/a>\u00a0has been in IT long enough to know better and has blogged from his\u00a0Bach Seat<\/a> about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn,\u00a0Facebook<\/a>,\u00a0and\u00a0Twitter<\/a>. Email the Bach Seat\u00a0here<\/a>.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"

Feds charged three for breaking into PBX and voice mail systems by exploiting factory-set or default passwords on the systems to the cost of $55M<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[15],"tags":[3216,67,15,2541,66,4],"class_list":["post-860","post","type-post","status-publish","format-standard","hentry","category-networking","tag-3216","tag-hack","tag-networking","tag-passwords","tag-pbx","tag-security"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts\/860","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/comments?post=860"}],"version-history":[{"count":6,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts\/860\/revisions"}],"predecessor-version":[{"id":130001,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts\/860\/revisions\/130001"}],"wp:attachment":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/media?parent=860"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/categories?post=860"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/tags?post=860"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}