This is a common issue. Essentially, you didn't restrict untrusted traffic from a public interface into this box, and since the UC500 will route off an inbound SIP or H323 invite, you're getting toll fraud. Technically no one is 'hacking' you. Metaphorically, you left your front door unlocked, so anyone can just walk in, pick up your phone, and make a call. That's essentially what is happening.
Dial-peer 0 has nothing to do with it.
Do a search in the forums on toll fraud, and you'll find some results.
Specifically, here is something I wrote up a while ago on this, which should shed some light on what is occurring.
https://supportforums.cisco.com/message/3180799#3180799
To fix it, you want to restrict VoIP traffic from any untrusted source/interface. That's TCP/1720 and UDP/5060, but really security best practices say to deny everything from untrusted sources, unless you specifically know you want to allow it from somewhere. Hence, you should ahve a deny all,and only allow VoIP traffic from your ITSP (if you have one).
We've improved toll fraud prevention features with 15.1(2)T, but you can't take advantage of that on the UC500 yet until that release is built for the platform.