Focus on: How to combat toll fraud

Telemarketing, Nov 1995 by Aginsky, Alon

Some estimate that telephone fraud in the U.S. exceeds 3 billion dollars annually. The frightening part is that this is only from customer premise equipment (CPE) and does not include calling card and cellular fraud.

PBX toll fraud is very big--and very organized. The "hackers" have their own communication network on the Internet, have their own magazine called 2600, and they meet monthly in more than 15 U.S. cities and five different countries. They know everything you would like to hide about your PBX. Some of them have even programmed PBXs, voice mail systems, ACDs and other telecommunication equipment. They know how to get in, access your "secret" passwords, and manipulate your data, long-distance routing tables and even your "personal" mail boxes.

What can you do? How can you better protect your PBX, voice mail and ACD, and how concerned should you be about the future of toll fraud? Here are some answers to the most common questions.

Q: What is toll fraud?

A: Toll fraud is defined as the unauthorized use of a company's phone system. It is theft of long-distance services by a) an unrelated third party, b) a staff member of a long-distance carrier, local telco or vendor, or c) the user's staff member.

Q: What are the most frequently used methods of toll fraud?

A: There are seven frequently used methods of committing toll fraud. They are:

1. Free access through "800" lines,

2. PBX manipulation,

3. Voice mail penetration,

4. Failure to install/use CDR or SMDR,

5. Maintenance port tampering,

6. Remote access abuse (DISA),

7. Staff/operator deception.

Q: Who is most likely to access our equipment unlawfully?

A: As is the case with any other unlawful act, criminals in this industry, who are referred to as "hackers," do it mainly for the money. Others do it for fun, professional challenge and/or out of boredom. Still others know how easy it is, know the codes, have the proper equipment and cannot resist the temptation. They pick up an 800 number listing of U.S. corporations, download the listing to their PC database, and use a variety of "home-grown war dialers" to call into your auto attendant at your expense. In most cases, they can recognize the manufacturer/brand by the prompts and determine which password ranges on which to concentrate. With some luck and persistence, they will "hack" into their first system within the hour.

Most of the activity is through call/sell operators who operate in urban communities, mainly by immigrants for immigrants who call to countries like the Dominican Republic, China, Pakistan and Egypt at a rate of $10 for a 30- to 45-minute call. The calls usually take place after regular business hours or on weekends where the excessive PBX traffic will go on unnoticed and uninterrupted.

Q: How do hackers get the numbers?

A: There are different methods of obtaining telephone codes:

1. "Dumpster divers," or the people who go through your trash and look for phone bills, computer printouts or product manuals.

2. "Shoulder surfers," those people who stand particularly close to you at a pay phone (in airports, bus terminals, etc.) while you dial your DISA password, voice mail code or calling card number so they can capture your dialing sequence.

3. Hackers publish their findings in magazines, BBS and even on the Internet.

Q: What do they do with these codes once they have obtained them?

A: Since the primary motive is money, they look for buyers. On the streets of New York City, for example, where 60 percent of toll fraud attempts originate, a good number (or, in street slang, a "Montebello") will go for $3,000 to $5,000 depending on the supply/ demand at that time.

Q: Why are PBXs a perfect target for these hackers?

A: Today's PBXs are feature-rich, and more and more features are developed each day as the various PBX manufacturers attempt to gain a competitive edge. These features are all software, and therefore programmable, which in most cases means they can be accessed remotely. In addition, maintenance and service is provided by interconnects from remote service centers via modem lines. All of this creates a very familiar environment for the hacker to operate in with very little risk of being identified.

Q: What are hackers looking for in your PBX?

A: The easiest vehicle for them is to gain control of your direct inward service access (DISA) where a remote user can gain access to an outside line from your PBX by punching some "long" authorization codes. Most companies use it for the traveling employee.

Second, they would love to "take over" your maintenance port. By controlling that port, which is the heart of your PBX, they can do whatever they want, including changing your routings and passwords and deleting/adding extensions. And, if their intent is vicious, they can actually shut down your PBX and take you out of business.

Voice mail is probably the most popular vehicle of toll fraud these days. Like PBXs, voice mail systems are also very sophisticated and full of features. You can, among other things, sit on the beach in the Caribbean and program your voice mail box in Chicago to place any inbound call on temporary hold, grab another line, call your cellular phone then conference the two lines--all within seconds. Meanwhile, the caller has no idea that you are actually enjoying the sun and sipping Jamaican rum. Hackers want to use exactly that feature to forward calls to a "phantom" mail box that will give just a dial tone. Then, they dial the rest from any public phone in Miami, Dallas or Amsterdam.