Hackers took over the Nortel-based PABX system of software vendor Legrand Software this week, ringing up to AU$1,800 of calls to Algeria in one night.
Legrand's Sydney headquarters learned of the attack on Tuesday morning, following a call by telco Optus alerting it of the huge bill rung up overnight. Earl White, sales and channel manager at Legrand, told ZDNet Australia today the hackers exploited a call forwarding feature of Nortel's BCM50 PABX.
"We believe there's a hole in call forwarding in Nortel. If you ring and get someone's voicemail, you can forward your call to someone else," he said.
Oliver Reddaway, application support engineer at Legrand, also criticised the networking equipment maker. He said he believed the Nortel codes for forwarding calls were well known in the hacking community.
"Obviously someone knows what the internal codes are to do this and the voicemail system forwards the calls. It was never made clear to us by the PABX suppliers [Nortel] that this thing could happen," he said.
Legrand's phone system, connected to a digital ISDN line, was setup around a year ago with call forwarding enabled by default. "There is stuff enabled by default that perhaps shouldn't be," said Reddaway. "There is a document out there on the Nortel Web site about this, but certainly we were never made aware of it."
The company declined to name the consultancy that actually installed its phone systems, instead blaming Nortel. "I think it's more incumbent on the suppliers of the product and service to make people aware that there are these weaknesses," Reddaway said.
Legrand has changed its phone access codes and has disabled call forwarding and international outbound calls for the time being.
The company also blamed carriers Optus and Telstra for their inability to stop the calls once discovered. "Optus don't seem to be able to tell us what's happening other than: 'You're going to get huge bills'," Reddaway said. The carrier was yet to provide Legrand with a list of the unauthorised calls.
Reddaway said once Optus informed them of the attacks, they asked the carrier to prevent repeat calls. Optus responded that it was unable to do so as the phone lines are owned by Telstra. Legrand has yet to receive any assistance from either carrier, according to Reddaway.
"It's a bit annoying that Telstra and Optus put this in the too hard basket," he said. Neither Telstra nor Optus were able to comment on the issue by press time.
Nortel said it did not wish to comment on the situation before knowing more detail. However, a spokesperson said the vendor has e-mail bulletins and Web site information devoted to preventing hacking attempts.
The attack on the Nortel PABX is similar to the one perpetrated on a NSW firm in October 2006.
How is this hacking into a Nortel PBX? There is no breaking of code here! There are no hacking passwords!
The installer or the company removed the default security settings. How is that Nortel's issue? If some doesn't change the administrators password on a windows box do you write an article saying Windows been hacked? No you laugh because everyone knows you need to take responsibility of security in your environment. In the telephone world that is call protecting against toll fraud. Toll Fraud requires someone from the INSIDE (and I don't mean Nortel) to open up the ports to allow call forwarding off site and you have to allow certain numbers to be dialed. In the Nortel PBX world as in all PBX vendors (Avaya, Mitel, Siemens, etc) these ports are shut off by default.
This is a sad excuse for reporting and you need to do a little more investigation before you write false statements like this. Sounds like you got a bone to pick with Nortel, so why don't you say what’s on your mind instead of making continuous statements on a subject that you obviously have no knowledge about.