The tools and knowledge to hack into telephone systems (PABX) and voicemail systems are freely available over the Internet. The following are the risks to your organisation:
Toll Fraud:
The hacker can make toll calls that are billed to your company. This is a US$55 billion problem worldwide, and the Australian Federal Police and the Australian Institute of Criminology have recognised it as a problem in Australia.
- We are aware of more than 100 companies in Australia that have suffered major losses, the largest being $1,700,000.
- We are aware of a significant number of organisations that have suffered monthly losses of a few hundred to a few thousand dollars, every month.
- In 2004 - 2006 in Australia the average loss per hack was $78,000, and we believe many were carried out by overseas organised crime.
Service Disruption:
Malicious re-programming to cause problems, or rebooting the telephone system in the middle of the day (cutting all calls in progress, with the loss of all telephone system services while the system reboots).
Changing passwords so the organisation is locked out of its own system. This can necessitate complete reconfiguration of the system if no backup is available. Either way, downtime and business disruption are inevitable.
Malicious re-programming to cause problems, e.g. deleting voicemails before they’ve been listened to, recording misleading or obscene voicemail recordings, sending misleading or obscene voicemail messages to selected other extensions or all extensions, filling up the voicemail server’s message capacity by broadcasting large messages (potentially crashing the system), and changing PIN number(s) so legitimate users can’t gain access.

Eavesdropping:
Hackers can potentially listen in on any calls they choose (via an insecure internal extension or, on IP-enabled phone systems, from anywhere in the world).
The FBI Survey 2003 showed that 6% of organisations surveyed were aware that their voice services had been intercepted. How many were unaware of it? (Unfortunately, the survey format changed, so the FBI Survey 2004 no longer asked this question.)
Voicemail Theft:
Listen to voicemails regarding company initiatives or customer matters.

Reprogramming of IVR (Interactive Voice Response):
What would bad PR do to your company?

Use for Illegal Activities:
Unused voicemail extensions can be pirated for use in illegal activities. A Melbourne branch of an international company was hacked into and used to illicitly host a phone sex operation in 2004.
Clients who call us in for a security audit are often shocked to find how insecure their telephone systems are when they spend so much time, effort and funding to secure their IT systems.