Sign in to follow this  
Followers 0
natas

"First Major VoIP Hacking Scheme Uncovered"

7 posts in this topic

I found this on the VoIPSA mailing lists this weekend. It's not the full article, it's basically a press release/summary of the article.

http://www.accessintel.com/cgi-bin/press/show.cgi?1130972376

I'd really like to get a copy of the full article out of this publication.

Interesting Quote!!!

VoIP experts are testing a number of switches, and there is some suspicion that the venerable 5ESS may be among those that can be hacked.
0

Share this post


Link to post
Share on other sites

That is an interesting line. There's probably documentation somewhere's...

Edited by unity
0

Share this post


Link to post
Share on other sites

It was only a matter of time before the mainstream media made a correlation between VoIP and phreaking. Now they're just trying to find a way to throw some spin on it to get the public worried about it. I find it hard to beleive that people are that are going far enough as to use VoIP, that I'm sure they are using illegally and free, to get free calls out of a 5ESS. I mean they're already making free calls. I'm sure there are people out there doing it just to do it but I think toll fraud is really lowering since unlimited long distance on both home and cellular phones has become more popular.

0

Share this post


Link to post
Share on other sites

The VoIP Security Alliance sent this to the VOIPSEC listserv, as a possible press release.

We have investigated the article and as best we can tell this has to do with modifying the billing codes to obtain free calls, something that has always been a concern in PBX environments and something which most products guard against.

We have contacted VOIPSA members, including one quoted in the article, and received agreement that this is not anything new and is not at all anything specific to VoIP. 

VOIPSA members continue to monitor the issue but at the moment have not been able to find any indication of actual exploits of this suggested vulnerability beyond a couple of isolated cases.

Which amounts to a "nothing to see here, move along" statement.

They also may add:

We would ask the author to make publicly available any information he has about actual exploits as we have not yet found any real evidence of this.

Which amounts to a "put your money where your mouth is" statement. :)

0

Share this post


Link to post
Share on other sites

Phone fraud? Who fucking cares anymore? Telephone calls are, for the most part, already free. Nope, sorry, you can't blame us for phone fraud anymore; it makes no sense.

The whole VoIP aspect makes this interesting.

0

Share this post


Link to post
Share on other sites

Yeah this thing seems to have hit every board on the planet, the way I read it (in regards to the references to switches) was (disregarding the crap) that it may suggest and some sort of SS7 network related thing, which would be cool...however if had access to the SS7 network and virutal control of the switch and IN why the hell would you use it for fraud......as far as that aspect it doesnt sound like its adding up

However that being said I am aware of one provider who has mucked up a bit in how they have configured there box and you could theoretically do as described...but has nothing to do with switch or billing system errors...just some dumb idiot who used a commands in a config file without thinking...set up those macros right people !!

I might have misinterpreted the alleged 'hack' decribed in the article....but truely i think BlackRatchet really hit the nail on the head....

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0