CRM vendor Legrand must realise whoever set up their phone systems made a phreaking huge mistake.
Staff at the Aussie-owned company did not hesitate to give Nortel, as well as Telstra and Optus, a serve after they became a victim of toll fraud last week.
Legrand blamed what they saw as a weakness in the Nortel PABX, namely the ability to use the call forwarding feature to route calls wherever you like. This was enabled by default, said Legrand, and posed a major security risk.
However, when I asked Legrand who installed their PABX, strangely enough they wouldn't name the culprit.
"I think it's more incumbent on the suppliers of the product and service to make people aware that there are these weaknesses," was the answer from Legrand's Oliver Reddaway, an application and support engineer.
In my opinion, it's the responsibility of the integrator to install the equipment with optimal security.
The fact is, there are settings on the Nortel PABX that can prevent toll fraud. They just weren't being used. As Nortel duly pointed out to us, this information was readily and widely available.
Knowledge like this is the very reason for the livelihood of the partner/integrator/reseller business. They are supposed to know your product better than you do.
The only action I'd be asking from Nortel would be to check whether Legrand's integrator was a Nortel partner. If so, I'd be re-evaluating that accreditation very quickly.