Beware of comms hijackers, warns Videnda’s Dooley
Business today is a world of constant communications: multiple channels, teleconferencing, videoconferencing and every form of collaboration that will improve efficiency and productivity and make life easier for workers. Unified communications, for example, continues to grow rapidly as an important business tool. By and large, all of that is now digital. On the one hand, that guarantees flexibility. On the other, it introduces all of the digital threats that characterise our Internet age.
Toll fraud is one of those. It is not as familiar to us as the many examples of credit card fraud in the media, but experts estimate that it accounts for financial losses of the order of $4 billion annually, more than double the credit card risks. Other authorities reckon it might total $8 billion, which just shows how poorly we are combatting it so far.
Toll fraud is essentially using other people’s accounts and lines to get free access to telecoms minutes that can be sold on. All enterprise voice systems are under threat, and PBX and voicemail systems can be compromised. It is insidious, because unless your organisation has specific precautions in place, the first you will know is when the bill arrives with thousands of euros of excess charges.
It is not new. Toll fraud goes back to traditional PSTN lines but has kept pace as telecommunications moved into the online world of hackers, with IP traffic, SIP trunks and, more recently, even H.323 videoconferencing. It is a growing risk because most organisations do not have the systems in place to stop fraudulent use of services for which they are paying. Standard antivirus and intrusion prevention systems are not focussed on this area. Smaller companies are at particular risk because they seldom have any ICT expertise in-house.
There are almost as many toll fraud tools as there are tools in general ICT security. Most of them target open SIP ports and attempt to register as a phone or trunk to your Internet-facing PBX. A particularly prevalent nuisance currently is a dialler robot that calls itself ‘Cisco’. Active PBX system features such as unified mobility, unified messaging, SIP account registration, call divert and conference facilities widen the opportunities for criminal fraudsters to hack a PBX system.
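A defender-side check for the registration attempts described above, as an added example that is not part of the original article: it scans registration log lines for sources that fail many REGISTERs across several extensions within a short window. The log format, thresholds, function name and addresses are assumptions constructed for illustration, not the output of any particular PBX or session border controller.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical, simplified log format.
SAMPLE_LOG = """\
2024-03-02T02:14:01 REGISTER src=203.0.113.7 user=100 status=401
2024-03-02T02:14:02 REGISTER src=203.0.113.7 user=101 status=401
2024-03-02T02:14:03 REGISTER src=203.0.113.7 user=102 status=403
2024-03-02T02:14:04 REGISTER src=203.0.113.7 user=103 status=401
2024-03-02T02:14:05 REGISTER src=203.0.113.7 user=104 status=404
2024-03-02T08:59:40 REGISTER src=192.0.2.20 user=210 status=401
2024-03-02T08:59:41 REGISTER src=192.0.2.20 user=210 status=200
2024-03-02T09:30:00 REGISTER src=198.51.100.9 user=300 status=401
2024-03-02T10:45:00 REGISTER src=198.51.100.9 user=300 status=401
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) REGISTER src=(?P<src>\S+) user=(?P<user>\S+) status=(?P<status>\d{3})$"
)
# A single 401 is the normal digest-auth challenge, so one failure alone is
# not suspicious; only volume across several extensions is flagged.
FAILED = {"401", "403", "404"}

def find_register_scanners(log_text, window=timedelta(seconds=60),
                           min_failures=5, min_users=3):
    """Return {src: (failures, distinct_users)} for sources exceeding both
    thresholds inside a sliding time window. Assumes time-ordered lines."""
    recent = defaultdict(deque)      # src -> deque of (timestamp, user)
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["status"] not in FAILED:
            continue                 # skip unparseable lines and successes
        ts = datetime.fromisoformat(m["ts"])
        q = recent[m["src"]]
        q.append((ts, m["user"]))
        while ts - q[0][0] > window: # drop failures older than the window
            q.popleft()
        users = {u for _, u in q}
        if len(q) >= min_failures and len(users) >= min_users:
            prev = flagged.get(m["src"], (0, 0))
            flagged[m["src"]] = (max(prev[0], len(q)), max(prev[1], len(users)))
    return flagged

if __name__ == "__main__":
    for src, (fails, users) in find_register_scanners(SAMPLE_LOG).items():
        print(f"{src}: {fails} failed REGISTERs across {users} extensions")
```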
As with so many other security problems, many organisations take action only after an attack has been successful. In the case of toll fraud, that will be after the arrival of a huge phone bill for which the organisation is legally responsible. Telcos in Ireland may be generally willing to reach some compromise with customers when this happens, but the losses are often to international carriers, which can take a hard line where systems have clearly been unprotected.
But there are solutions and they are both effective and easy to have installed. Videnda Distribution works with Edgewater Networks, for instance, which offers the EdgeProtect range of session border controllers for comprehensive telecoms security, call control and SIP trunking. All VoIP, video and UC systems require protection that does not usually come from the general enterprise security solutions. Checking it all out before you get hit is more than a good idea: it is essential in today’s world.
John Dooley is senior engineer with Videnda Distribution.