Aug. 21st, 2008

thewayne: (Default)
$12,000 worth of phone calls to the Middle East over the weekend. Homeland Security's child with the black eye gets another?

http://news.yahoo.com/s/ap/20080820/ap_on_go_ca_st_pe/fema_phones_hacked
thewayne: (Default)
MANY years ago, say, 15 or so, this was a pretty common hack. Basically any phone system (PBX) has dial-in maintenance ports for engineers to call in and test the system and fix configuration problems that don't require a site visit. The problem is that EVERY system out there has default passwords, and these default passwords are available online if you know how and where to look for them.

The scam is pretty simple. Watch the Government Computer News magazine to see who is buying what, apply some social engineering skills, and find out the range of phone numbers that the PBX will handle. Configure a modem to dial a range of phone numbers before and after and you can locate the maintenance port. Once you've identified the port, test the default passwords that you've downloaded. If one hits, you're in gold!

Now what you do is go down to the local Asian/Indian/Mexican/Whatever community and you sell "phone cards" that have the access port and the key codes to forward that number to an outbound, long-distance line. Sell the card for, say, $50, and you'd move a ton of them. The buyer dials in and gets to talk to grandma in Karachi for really low rates.

It's a VERY common scam.

It's just embarrassing that a VAR would install a PBX without changing the default passwords, just embarrassing.
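
The forwarding abuse described above shows up in the PBX call detail records as outbound international calls whose source is an inbound trunk, clustered on nights and weekends. The check below is an added example, not part of the original post; the CSV layout, trunk labels, business-hours window and threshold are assumptions, and the sample records are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample call detail records (CDRs); the column names and trunk
# labels are assumptions for this example, not a real PBX export format.
SAMPLE_CDR = """start,source,dialed,seconds
2008-08-15 10:02:11,ext-2104,12025550143,340
2008-08-15 14:30:00,ext-2150,011442055501234,600
2008-08-16 01:12:40,trunk-in-07,0119715550101,2710
2008-08-16 01:15:02,trunk-in-07,0119665550102,3405
2008-08-16 02:40:19,trunk-in-07,0119715550103,1980
2008-08-17 23:05:55,trunk-in-07,0119625550104,4120
2008-08-17 23:50:03,trunk-in-03,12125550188,95
"""

INTERNATIONAL_PREFIX = "011"   # NANP international dialing prefix
BUSINESS_HOURS = range(7, 19)  # 07:00-18:59, Monday-Friday (assumed policy)


def is_off_hours(ts: datetime) -> bool:
    """True for weekends and for weekday times outside business hours."""
    return ts.weekday() >= 5 or ts.hour not in BUSINESS_HOURS


def find_toll_fraud(cdr_text: str, min_calls: int = 3) -> dict:
    """Return {source: (call_count, total_minutes)} for every source that
    placed at least min_calls off-hours international calls. An inbound
    trunk appearing as the source of outbound international calls means
    callers are being forwarded through the PBX."""
    stats = defaultdict(lambda: [0, 0])  # source -> [calls, seconds]
    for row in csv.DictReader(io.StringIO(cdr_text)):
        ts = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
        if row["dialed"].startswith(INTERNATIONAL_PREFIX) and is_off_hours(ts):
            stats[row["source"]][0] += 1
            stats[row["source"]][1] += int(row["seconds"])
    return {src: (n, secs // 60)
            for src, (n, secs) in stats.items() if n >= min_calls}


if __name__ == "__main__":
    for src, (n, minutes) in find_toll_fraud(SAMPLE_CDR).items():
        print(f"ALERT {src}: {n} off-hours international calls, {minutes} min")
```

Run against a weekend's records on Monday morning, a check like this turns a surprise on the phone bill into an alert tied to a specific trunk.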
thewayne: (Default)
Interesting piece; I think I can agree overall. Shaenon is the web comic artist responsible for Narbonic and Project Skinhorse; the former has completed its run and is in repeats, and the latter is new material.

http://shaenon.livejournal.com/70332.html
