Contact US

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

toll fraud.. how'd they do it?

toll fraud.. how'd they do it?

toll fraud.. how'd they do it?

Customer has old R1T1 Mics with Flash 2. It was hacked. I added toll restriction filter to Flash 2 voicemail port with restriction to be * (all calls blocked, No overrides, for night mode and modes 2 -6 etc). To test and verify, I put that filter on an office phone and cannot make any calls. Admin mailbox password was changed to something hard. Somehow caller still gets into that mailbox and still is able to setup outbound notification to 10 11 159 + 1 XXX XXX XXXX US number. VM port was 324 and B2 was 388 but I cannot apply the filter to that. Had I made a mistake in my setup allowing calls out?

As an added layer I made a filter for the trunks to block 10 1X XXX dial around so I am hopeful.

RE: toll fraud.. how'd they do it?

Voicemail does not pay attention to "set" restrictions so using "line" filters was the correct method.
You can test it when your on site by setting up a test mailbox and use your mobile as the notification destination, then by leaving a message and watch to see when it dials out, the line should be grabbed then dropped right away based on the line restriction.

For toll fraud I use:
Filter 10 for lines
*72 (carriers forward feature)
0 (if the client is sure they never make oversea calls)

For all others such as 976, 411 etc I use "Set" Filters

I did a FAQ on this here for more.

So somebody setup a mailbox to call a 10XX number but what could possibly happen except to be charged for a 1010 service?
What does the hacker have to gain?
I wonder if it's the hacker that actually owns the particular 1010 service then hacks mailboxes to call it so they get paid?

As for how they are hacking the good password, that is something new.
Looks like COS on a Flashtalk does not offer mailbox lockout after X amount of attempts.

If you are not worried about internal users then it is best to leave the admin mailbox (assuming you meant "system manager" such as 12 or 102) at the default 0000 since they cannot access it from outside with that password.

Make sure the mailbox uses COS 5 to disable Off Prem Notify.

Use MBOX, CHG , DIR and go through all mailboxes and set to COS 5 if need be.
Hidden mailboxes:
Unfortunately on the Flashtalk you cannot view mailboxes under CHG/DIR if the mailbox is set to Directory: No
The same might be for Callpilot in telset but web browser will show all mailboxes regardless.
So take some time and MBOX/CHG and try every DN you can.
If there is none listed in the DIR then at the Admin (Mbox AA Other) press 4 and look to see if directory is set to Yes.

Toronto, Canada

Add me to LinkedIN

RE: toll fraud.. how'd they do it?

Thank you. My guess is customer changed admin mailbox password to 1234 which allowed hacker access. Otherwise i don't see how they could have gotten in the mailbox.

RE: toll fraud.. how'd they do it?

Way way WAAAAYYYYY back I used to carry around an old laptop that ran Win3.1 and had a trackball embedded where the touch pad is on current hardware. The only thing I used it for was a serial connection to Flash VMs as I wasn't experienced enough to be assigned a proper laptop to work on our BCM customers.

All that to say that there is a way through a hyperterm/putty connection to pull a list of mailboxes, even those not in the directory or uninitialized, from a Flash. I can't remember how, but you can and a Google search might give you the commands to do it.

- Qz

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close