VoIP hackers strike Perth business

Summary:A hacker recently obtained unauthorised access to the IP telephony (VoIP) system of a Perth business, making 11,000 calls costing over $120,000, according to the Western Australian police.

A hacker recently obtained unauthorised access to the IP telephony (VoIP) system of a Perth business, making 11,000 calls costing over $120,000, according to the Western Australian police.

(Credit: ZDNet.com.au)

The calls were made over a period of 46 hours, the police said, and the business only became aware of the imposition when it received an invoice from its service provider.

Thieves have always targeted PBX systems by finding numbers used for remote calling — for mobile employees or those requiring international call access outside of business hours — to make calls at the company's expense.

This has in the past been exploited for uses such as routing calls made on cheap international phone cards, according to Pure Hacking senior security consultant Chris Gatford.

However, police said they were more concerned with the increasing number of occurrences such as that in Perth where the thieves gained access to users' VoIP network. They have issued a warning to small businesses to ramp up their VoIP security.

"Business operators should invest in appropriate security software to protect their communication systems. Most businesses are prepared to install firewalls on their computers but fail to extend that level of security to their phone systems," detective sergeant Jamie McDonald said in a statement.

Pure Hacking's Gatford said that he saw fraudsters exploiting weak VoIP passwords as more of a threat than the older style targeting of PBX systems. "From a fraud perspective, an ISP-based VoIP gateway with a weak user name and password would be the bigger problem going forward in telephony," he said.

VoIP systems from companies such as Alcatel-Lucent, Cisco and Avaya were quite good, Pure Hacking's Gatford said, but were unlikely to be found in very small businesses due to the cost.

To prevent businesses landing in the same VoIP quagmire as the Perth company, Gatford suggested that businesses create strong passwords and change them regularly. He also said that businesses with "road warriors" needed to be aware of the wireless or hotel networks they were conducting their business from.

Topics: Unified Comms, Legal

About

Suzanne Tindal cut her teeth at ZDNet.com.au as the site's telecommunications reporter, a role that saw her break some of the biggest stories associated with the National Broadband Network process. She then turned her attention to all matters in government and corporate ICT circles. Now she's taking on the whole gamut as news editor for t... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.