Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
892
Views
0
Helpful
9
Replies

international calling fraud

rvincent
Level 1
Level 1

‎07-31-2003 09:18 AM - edited ‎03-13-2019 01:00 AM

call manager 3.2 with unity 3.15 system:

customer was told by local carrier that there are international calls being made from 5 numbers. These numbers are DID's used for voice mail only. Call manager fwds them directly to unity - no phones.

When I call the numbers, they all have the same subscriber greeting that sounds like a hello with a pause and then, what sounds like a continuous string of tones.

Its obvious that the mailboxes were hacked, but I can't figure out what the greeting is doing.

Unity restriction table is blocking 9011 calls.

Any ideas ?

Thanks

Rob

Labels:
0 Helpful
9 Replies 9

paul.harrison
Level 4
Level 4

‎07-31-2003 02:21 PM

Configure the calling search space for the unity ports to block 9011. In fact whilst you are at it configure the calling search space for the unity ports to only allow through those calls you want to go through, say a maximum of mobile.

Also make sure there is no way of dialing any kind of code that may use a transit network. In the UK it's possible to prefix a call with 141 to withhold the CLI. If you can do something like this with your carrier then block it.

Don't let Unity do it's own call barring, it's a very bad idea as users could potentially override it, whereas if it's on call manager then unity can't get out and there's nothing the users/phrakers can do.

Paul (who once witnessed a phracker run up a $25,000 bill in 2 days)

0 Helpful

azam_anwar
Level 2
Level 2

‎07-31-2003 02:32 PM

Hi,

I had a problem with calling fraud carried out via Unity last year. The simplest way to resolve it is within Unity, go to CALL MANAGEMENT - RESTRICTION TABLES and delete the default entries and change the * entry to "not allowed". This prevents call transfer to any numbers.

You can also use calling search spaces to restrict what type of numbers can be reached.

Regards

Azam

0 Helpful

josegre
Level 1
Level 1
In response to azam_anwar

‎08-01-2003 04:39 AM

i cant find in ccm RESTRICTION TABLES

0 Helpful

paul.harrison
Level 4
Level 4
In response to josegre

‎08-01-2003 06:22 AM

That's because they are on unity.

If you want to do restrictions using call manager then you need to apply appropriate Partition/calling search spaces to the ports to prevent them calling out.

Paul

0 Helpful

glen.johnson
Level 1
Level 1

‎08-05-2003 05:42 PM

Could this be the same as the AT%T, I think, voice mail hack? Someone hacks into your voice mail system. Records the greeting you described. Now I'm over seas and call your voice mail system collect. Yes, yes the toll computer hears so your system pays for the call. I leave my message. Now my contact somewhere else calls the voice mail system and picks up my message. You pay for both calls, no matter where they originate from as long as the collect call verification is done by computer.

0 Helpful

eschulz
Cisco Employee
Cisco Employee
In response to glen.johnson

‎08-06-2003 10:22 AM

This is also used for third party billing services.

With the greeting recorded as you have, the hacker will...

- directly call the long-distance operator

- request to place a call to his buddy in country X

- request billing for the call be charged to his "home" number

- provides your DID number as the "home" number

So the operator (typically automated) then...

- calls your DID and hits the hacked greeting

- asks if charges will be accepted

- hears the greeting say, "yeah, sure. I'll accept the charges"

- disconnects from Unity

- connects the hacker to his buddy in country X

Now, your DID gets charged for the duration of the call between hacker and buddy. In this case, no amount of restriction tables will help. You need to ensure mailboxes are locked down (no default passwords) and unless absolutely necessary have your PSTN service provider disable all third-party billing for those DID lines.

Regards,

Eric

0 Helpful

paul.harrison
Level 4
Level 4
In response to eschulz

‎08-06-2003 10:30 AM

If this is the way that voice mails are getting hacked then you have to ask the question.

"What kind of bloody stupid country would allow a call to be charged to a phone line other than the one that originated the call?"

This was not how I've seen it done, I've seen people hack and forward mailboxes to a destination so that when a caller dials that mailbox they get re-routed off switch to the long distance destination. This method can be prevented.

Eric you are right if the operator calls the did and can transfer the call charge to that number then no amount of call barring will do, however as I said it is a crazy system that allows this to happen.

Paul

0 Helpful

eschulz
Cisco Employee
Cisco Employee
In response to paul.harrison

‎08-06-2003 09:55 PM

Crazy system indeed. I agree wholeheartedly. A quick web search for "THIRD PARTY BILLING" FRAUD will show you it is for real.

http://www.wired.com/news/infostructure/0,1377,58517-2,00.html

I believe most service provides will allow you to block all third party billing to your lines but I assume this "feature" is enabled by default.

0 Helpful

rvincent
Level 1
Level 1
In response to eschulz

‎08-06-2003 10:42 AM

Eric:

Thanks.

I've heard of this, but the greeting didn't sound like it was accepting a call. What sounded like tones on the greeting made me think it may be an automated acceptance where the caller was prompted to enter a one for accept, etc.

I called ATT to see how they handle 3rd party billing and she said they must have a verbal acceptance, but couldn't vouch for how other carriers do it.

Rob

0 Helpful
Customers Also Viewed These Support Documents