A hacker recently obtained unauthorised access to the IP telephony (VoIP) system of a Perth business, making 11,000 calls costing over $120,000, according to the Western Australian police.
(Credit: ZDNet.com.au)
The calls were made over a period of 46 hours, the police said, and the business only became aware of the imposition when it received an invoice from its service provider.
Thieves have always targeted PBX systems by finding numbers used for remote calling — for mobile employees or those requiring international call access outside of business hours — to make calls at the company's expense.
This has in the past been exploited for uses such as routing calls made on cheap international phone cards, according to Pure Hacking senior security consultant Chris Gatford.
However, police said they were more concerned with the increasing number of occurrences such as that in Perth where the thieves gained access to users' VoIP network. They have issued a warning to small businesses to ramp up their VoIP security.
"Business operators should invest in appropriate security software to protect their communication systems. Most businesses are prepared to install firewalls on their computers but fail to extend that level of security to their phone systems," detective sergeant Jamie McDonald said in a statement.
Pure Hacking's Gatford said that he saw fraudsters exploiting weak VoIP passwords as more of a threat than the older style targeting of PBX systems. "From a fraud perspective, an ISP-based VoIP gateway with a weak user name and password would be the bigger problem going forward in telephony," he said.
VoIP systems from companies such as Alcatel-Lucent, Cisco and Avaya were quite good, Pure Hacking's Gatford said, but were unlikely to be found in very small businesses due to the cost.
To prevent businesses landing in the same VoIP quagmire as the Perth company, Gatford suggested that businesses create strong passwords and change them regularly. He also said that businesses with "road warriors" needed to be aware of the wireless or hotel networks they were conducting their business from.
There is no meaningful deep packet inspection of VOIP traffic packets available.
Some vendors claim to have "voip aware" firewalls but they are a waste of money.
Anyway, this seems to be a case of a "hacker" merely running brute force attacks against a username/password combo.
Whoever put the VOIP system in probably left the defaults in place.
Typical amateurs!
Business can generally avoid this kind of illegal activity by securing their PABX equipment as well as having management tools that alert users when unusual call behaviour occurs.
For example, you can program them to email or SMS you if calls are made to a particular country or hit a certain call duration.
Following on from other comments here, it's very secure as long as you have professional people setting it up and implementing a proper security policy around calls.
I am not sure that all users are conversant with PABX vulnerabilities both internal and external.
Whilst I am no expert, a point of access to a telephone system that can be overlooked is a PABX's inbuilt modem [external support]. If you know that number you can become the all powerful genie.
Good management practice requires PABX systems that are supported with software that provides management with real time exception reporting.
Otherwise you pay's your money and takes your chances.....
Dial through fraud is very preventable. In most cases I have seen it is not the line side VOIP vector that gets passwords, opens hole into the router/PBX/Gateway then dials out over outbound trunks....it's the trunkside.....your PSTN edge that is the access vector. (via modems, DTMF altering, DISA code entry etc). Sometimes it is accessing the gateway due to poor implementation but the cost is incurred by the PSTN dialout. (Which exists even when you move to IP Tel) You need an inline Policy based Trunkside Firewall and IPS which carriers and PBX vendors DO NOT provide. It is the forgotten edge so to speak. Yet every enterprise has one facing the un-trusted public voice network. With a Voice FW/IPS you can look at call types and attributes on the inbound and outbound call legs. And by combining the 2 (in and out) one can profile and mitigate/enforce the behavior in a very granular fashion. The cost is derived from the long distance egress that is incurred via their PRI, Analog, SS7 trunks. Not the VOIP line side handsets. There is a solution to this very old problem. The packet only security vendors do NOT address this which is a shame.
1. Setup a pay-per-minute phone service in some offshore haven
2. Hack someone else's VOIP system to dial the system on every possible outbound line and leave the connection open.. overnight... over the weekend
3. Profit!
Hopefully the 'victims' of this are clueful enough to analyse the DESTINATION of those calls
My company also had this happen! We lost $20,000 in a night. We didn't know that there is a PABX Firewall that can now stop. It costs about $450 and is well worth it. It has stopped 3 attempts to break through our phone system to date. The Firewall is phone system based. We got it when we updated our phone system to a Panasonic. The software is called Control Phreak. I just wish we had this before our 1st loss.
VoiP Hackers
What always interests me in these incidents is that there are two groups who profit out of this type of fraud, the hackers/fraudsters and the service providers.
How come service providers get money, are able to profit from the fraud... they haven't lost any goods other than some electricity and possibly some connection fees but they do always make money from fraud!
VoIP Hackers
You would expect that the people who foot the bill are the insurance companies, who I'm sure really wouldn't have a problem finding the cash.
I don't see why the service provider should have to waive the charges when they have actually provided the service - irrespective of how legitimate the user was!
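The exception reporting that commenters above describe (an alert when calls go to a particular country, run past a set duration, or otherwise look unusual) can be sketched over call detail records. This is an added example, not code from the article or from any PBX vendor; the CDR layout, the `+999` prefix, the sample records and every threshold, including the after-hours and call-rate rules, are constructed assumptions.

```python
import csv
import io
from collections import deque
from datetime import datetime, timedelta

# Constructed sample CDRs: start time, extension, dialled number, seconds.
SAMPLE_CDR = """\
2010-09-04 10:15:00,201,+61892220000,180
2010-09-04 23:02:10,305,+9995550001,40
2010-09-04 23:02:40,305,+9995550002,35
2010-09-04 23:03:05,305,+9995550003,4200
2010-09-04 23:03:30,305,+9995550004,38
"""

WATCH_PREFIXES = ("+999",)      # hypothetical destination prefix to alert on
MAX_DURATION_S = 3600           # alert when a single call exceeds one hour
MAX_CALLS = 3                   # alert when one extension exceeds this ...
WINDOW = timedelta(minutes=5)   # ... within this sliding window
BUSINESS_HOURS = range(8, 18)   # 08:00-17:59 local time (assumed policy)


def exceptions(cdr_text):
    """Return (timestamp, extension, reason) for each rule a call breaks."""
    alerts = []
    recent = {}  # extension -> deque of call start times inside WINDOW
    for row in csv.reader(io.StringIO(cdr_text)):
        if not row:
            continue
        start = datetime.strptime(row[0], "%Y-%m-%d %H:%M:%S")
        ext, dest, secs = row[1], row[2], int(row[3])
        if dest.startswith(WATCH_PREFIXES):
            alerts.append((start, ext, "watched destination " + dest))
        if secs > MAX_DURATION_S:
            alerts.append((start, ext, f"long call {secs}s"))
        if start.hour not in BUSINESS_HOURS:
            alerts.append((start, ext, "after-hours call"))
        window = recent.setdefault(ext, deque())
        window.append(start)
        while start - window[0] > WINDOW:   # drop calls older than WINDOW
            window.popleft()
        if len(window) > MAX_CALLS:
            alerts.append((start, ext, f"{len(window)} calls in {WINDOW}"))
    return alerts


if __name__ == "__main__":
    for when, ext, reason in exceptions(SAMPLE_CDR):
        print(when, "ext", ext, reason)  # hand off to email/SMS here
```

Run against a live CDR feed rather than a monthly export, rules like these raise the alarm within minutes instead of when the invoice arrives.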