BCM and Norstar ICS, CICS, MICS, BCM, BCM 50, BCM 200 and BCM 400, Startalk Voicemail, Call Pilot 150
#1
Junior Member | Rep Power: 0

CALL PILOT - CENTREX USERS

I have some toll fraud going on. I think the perpetrator is coming in and going to voice mail then somehow getting an outside line. My logs are similar in the offending cases. Here is what a couple look like.

```
-------- 02/15/06 17:03:04 LINE = 0131 STN = 268
CALLING NUMBER 7185305773
NAME WIRELESS CALLER UNKNOWN
BC = SPEECH
00:00:00 INCOMING CALL RINGING 0:08
00:00:31 HOLD
00:00:41 TRANSFERRED
-------- 02/15/06 17:03:45 LINE = 0131 STN = 267
00:00:00 FROM TRANSFER
00:00:00 UNHOLD
00:00:41 CALL RELEASED
-------- 02/15/06 17:03:06 LINE = 0075 STN = 375
BC = SPEECH
00:00:00 OUTGOING CALL
DIGITS DIALED 0116324304539
00:02:17 CALL RELEASED
++++++++++++++++++++++++++++++++++++
*021506 183600 0121 270 PRIVATE PRIVATE U A
-------- 02/15/06 18:39:21 LINE = 0123 STN = 269
BC = SPEECH
00:00:00 INCOMING CALL RINGING 0:05
00:00:07 CALL RELEASED
-------- 02/15/06 18:39:45 LINE = 0130 STN = 269
BC = SPEECH
00:00:00 INCOMING CALL RINGING 0:05
00:00:05 CALL RELEASED
-------- 02/15/06 18:36:33 LINE = 0124 STN = 269
BC = SPEECH
00:00:00 INCOMING CALL RINGING 0:04
00:00:08 HOLD
00:00:09 UNHOLD
00:02:48 HOLD
00:02:58 UNHOLD
00:03:12 HOLD
00:03:19 UNHOLD
00:03:19 HOLD
00:03:22 UNHOLD
00:03:23 CALL RELEASED
-------- 02/15/06 18:39:05 LINE = 0075 STN = 375
BC = SPEECH
00:00:00 OUTGOING CALL
DIGITS DIALED 0116324304539
00:00:51 CALL RELEASED
++++++++++++++++++++++++++++++++++++
```

There is a pattern with the LINE and STN. That particular STN is my voice mail used by my remote users. And that line is an outbound trunk.

I have read around in the documentation of my switch (BCM 2.5/CallPilot 1.0) and they make mention of people being able to access outside lines (in my case LINE 0075). It particularly says "remote users can choose a line." How do they switch the line they are using manually? I figure if I can disable this functionality it would be a good step.

I am very new to this phone business so please go easy on me. I am sorry if I butchered your terminology in any way.
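Added example, not part of the original thread: a Python parser for call records in the layout quoted in the post above, flagging outgoing calls to the North American international prefix 011 that begin while an incoming call is still connected. The sample records are constructed, and the overlap rule is an assumed triage heuristic, not a Nortel feature.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the layout of the records quoted in the post;
# dates, lines, stations and dialed digits here are made up.
SAMPLE = """\
-------- 03/01/06 17:03:04 LINE = 0131 STN = 268
BC = SPEECH
00:00:00 INCOMING CALL RINGING 0:08
00:00:31 HOLD
00:00:41 TRANSFERRED
-------- 03/01/06 17:03:06 LINE = 0075 STN = 375
00:00:00 OUTGOING CALL
DIGITS DIALED 0115550100123
00:02:17 CALL RELEASED
-------- 03/01/06 17:30:00 LINE = 0075 STN = 221
00:00:00 OUTGOING CALL
DIGITS DIALED 5550142
00:01:00 CALL RELEASED
"""

HEADER = re.compile(r"-{8} (\d\d/\d\d/\d\d \d\d:\d\d:\d\d) LINE = (\d+) STN = (\d+)")
ELAPSED = re.compile(r"\b(\d\d):(\d\d):(\d\d)\b")  # per-event offset into the call

def parse(text):
    """Split the log on record headers; works on wrapped or flattened text."""
    heads = list(HEADER.finditer(text))
    calls = []
    for i, h in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        body = text[h.end():end]
        secs = [int(a) * 3600 + int(b) * 60 + int(c) for a, b, c in ELAPSED.findall(body)]
        start = datetime.strptime(h.group(1), "%m/%d/%y %H:%M:%S")
        dialed = re.search(r"DIGITS DIALED (\d+)", body)
        calls.append({"start": start, "end": start + timedelta(seconds=max(secs, default=0)),
                      "line": h.group(2), "stn": h.group(3),
                      "incoming": "INCOMING CALL" in body,
                      "dialed": dialed.group(1) if dialed else None})
    return calls

def suspicious(calls, prefix="011"):
    """Outgoing calls to `prefix` that start while an incoming call is still up."""
    inbound = [c for c in calls if c["incoming"]]
    hits = []
    for c in calls:
        during = [i["stn"] for i in inbound if i["start"] <= c["start"] <= i["end"]]
        if c["dialed"] and c["dialed"].startswith(prefix) and during:
            hits.append((c["line"], c["stn"], c["dialed"], during[0]))
    return hits
```

Each hit is (outgoing line, outgoing station, digits dialed, station that held the overlapping incoming call), which gives a short list of records to review against the voice mail ports and outbound trunks.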
#2
Junior Member | Location: Meechigan | Rep Power: 5

Toll Fraud is a large, complicated subject. I have been working on N* and BCMs for quite a while and I don't even understand all the ways an auto-attendant/voicemail system can be hacked. I have been involved in a few toll fraud cases over the years, and even then, Nortel support just gives you ways to combat it, they don't explain exactly how they think someone hacked your system. They don't want people to know all the ways to hack their stuff. Also, if I was an expert in toll fraud, it would be unwise to post methodologies of phreaking on this site.

All that being said, I have some comments. Specifically, there are ways of allowing remote users access to their voicemail boxes that do not involve the use of a dedicated, unattended extension. Look under remote access in the Call Pilot docs.

You need to practice good password policy for AA programming and individual mailboxes. If you have any remote programming access (dial up or network) disable/disconnect these at least for the near term.

Go through your mailbox list and delete all unused mailboxes. Go through all the individual mailboxes and deny outbound transfer and remote message notification. If someone ABSOLUTELY needs these features, you may want to deny them for the near term until the hackers move on to greener pastures.

If the hacking continues, you may have to use business hours based or full time restriction service. This is set up under Telephony Services/Scheduled Services/Restriction Services. See the docs. Essentially, a user will have to input a 6 digit class of service code to make an outgoing phone call. Offsite users cannot, to my knowledge, bypass programmed line/set restrictions.

If you have management/users barking about this, consider the following: A year or so ago, we had a customer, BCM, satellite office of less than 10 people, get hacked to the tune of 50K. No foolin'. Sprint was their LD carrier and their policy, even though it was painfully obvious which calls were phreakers, was - these are your lines, the calls were made on your lines, we don't administer your phone system, pay now. Last I heard they offered to settle for a measly 25 grand. We tried all manner of the usual procedures and the hacking did not stop until we implemented 24 hour line/set restrictions that meant a 6 digit COS password for every single outgoing call.

I'm sure others have stories, good luck.