Attacks on telephone systems
Overcharged
Phreaking, the unauthorized access to phone systems, has been a lucrative business for cybercriminals for many years. According to estimates by the Communications Fraud Control Association (CFCA), it causes annual losses of around $4.4 billion.
Attackers typically follow the same method: They automate the search for companies that operate their own telephone systems with an integrated voicemail function. Then, they rely on port scans, simple brute force attacks, or sophisticated social engineering techniques to penetrate the systems. If they discover an integrated mailbox, they use unmodified or easily guessed standard PINs to compromise a vulnerable system. Via the answering machine, the attacker can then access the phone system and make various changes.
In general, attackers use this access to place calls to premium numbers that they set up beforehand and that are only available for a limited time. Some providers have proactive anomaly detection in place and can use it to detect an above-average number of calls or connections to unusual destinations. They usually inform their customers within 48 hours after a particularly high volume of connections. However, as an administrator, you can watch for the following signs:
- Numerous calls to international numbers from just one extension.
- Numerous calls outside business hours to countries with which the company has no business relations.
- Numerous short calls to a chargeable number.
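The three signs above can be checked against a call detail record (CDR) export. The following is an added example, not part of the original article; the CSV layout, the prefixes, the business hours and the threshold are assumptions to be tuned per site, and the sample records are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Assumed site policy (illustrative values, not taken from the article).
HOME_PREFIX = "+49"                 # own country code
PARTNER_PREFIXES = ("+43", "+41")   # countries with business relations
PREMIUM_PREFIXES = ("+49900",)      # chargeable/premium number ranges
BUSINESS_HOURS = range(8, 18)       # 08:00-17:59, Monday to Friday
SHORT_CALL_SECONDS = 30             # upper bound for a "short" call
THRESHOLD = 3                       # "numerous" = this many calls or more

# Constructed sample export: extension,start,destination,duration_s
# (+999 is a placeholder country code; 2024-03-09 is a Saturday.)
SAMPLE_CDR = """\
201,2024-03-04 10:15:00,+4930123456,340
201,2024-03-04 11:02:00,+4312345678,120
305,2024-03-09 02:11:00,+9991234567,45
305,2024-03-09 02:13:00,+9991234568,50
305,2024-03-09 02:16:00,+9991234569,61
410,2024-03-05 14:00:00,+49900111222,12
410,2024-03-05 14:01:00,+49900111222,9
410,2024-03-05 14:02:00,+49900111222,15
"""

def flag_extensions(cdr_text):
    """Return {extension: sorted warning signs} for one CDR export."""
    counts = defaultdict(lambda: defaultdict(int))
    for ext, start, dest, duration in csv.reader(io.StringIO(cdr_text)):
        ts = datetime.strptime(start, "%Y-%m-%d %H:%M:%S")
        international = not dest.startswith(HOME_PREFIX)
        off_hours = ts.weekday() >= 5 or ts.hour not in BUSINESS_HOURS
        if international:  # sign 1: international calls from one extension
            counts[ext]["international"] += 1
        # sign 2: off-hours calls to countries without business relations
        if international and off_hours and not dest.startswith(PARTNER_PREFIXES):
            counts[ext]["off_hours_unrelated_country"] += 1
        # sign 3: short calls to a chargeable number
        if dest.startswith(PREMIUM_PREFIXES) and int(duration) <= SHORT_CALL_SECONDS:
            counts[ext]["short_premium"] += 1
    # Report only extensions where at least one sign reaches the threshold.
    return {ext: sorted(s for s, n in signs.items() if n >= THRESHOLD)
            for ext, signs in counts.items()
            if any(n >= THRESHOLD for n in signs.values())}

if __name__ == "__main__":
    for ext, signs in flag_extensions(SAMPLE_CDR).items():
        print(ext, signs)
```

Running such a check daily against the telephone system's own records shortens the window compared with waiting for the provider's notification.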
Effective Protective Measures
You can improve security through strong passwords: Change them regularly and revise your password policies. During commissioning, change all default passwords (PINs) of the telephone system and its extensions. Use call barring to restrict outgoing calls to normal business hours. Require passwords for long-distance calls or calls to premium numbers. In addition, the responsibilities and administrative privileges of employees and administrators should be checked at regular intervals.
Also keep your software up to date and install the latest security updates. Rely on best practices and have your systems checked regularly by independent, specialized companies as part of a security assessment (audit). Likewise, check with your provider to arrange a cost limit and various thresholds. Furthermore, check the itemized bills regularly, or at least by random sampling.
Conclusions
Phreaking is an underestimated and growing threat to international companies of all sizes. A number of different measures are required to protect yourself against this type of attack. The effective implementation of these measures should then be reviewed by an independent expert at regular intervals.