Since telephony networks have advanced from conventional to voice-over-IP networks, the approaches used by toll fraudsters have also altered.
FREMONT, CA: A telephone system is exposed to many attacks. Toll fraud, for example, is the unauthorized use of an individual's or a business's telephony service and equipment to make long-distance, international, or premium-rate calls that are charged to the owner of the targeted system. Toll fraud can take several forms:
• Employees use their work phones for unauthorized long-distance and international calls to friends and family, or to premium-rate numbers.
• Attackers gain remote access to a PBX via which they route their calls, charging the owner of the PBX for those calls.
• Fraudulent operators posing as a small telco gain remote access to a PBX and route their own customers' calls through it. In the most subtle cases the fraudster sells per-minute telephony service to paying customers and carries that traffic over the compromised PBX, at almost no cost to the fraudster and at great cost to the targeted enterprise.
• An attacker generates a large volume of calls from a compromised PBX to international and premium-rate numbers for no purpose other than to run up the targeted company's telephone bill (in practice the attacker usually shares in the revenue collected by those premium-rate numbers).
Each of these cases is distinct, has a different impact on the targeted company, and must be dealt with differently.
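The cases above leave different fingerprints in the PBX's call detail records (CDRs): internal misuse shows up as premium-rate calls from a staff extension during the working day, while a compromised PBX shows up as a burst of international calls at night. The following is an added example, not code from the original article or any PBX vendor: it parses a small set of constructed CDR lines (a North American dial plan, business hours and thresholds are all assumptions of the example) and flags both patterns.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample call detail records (CDRs), not taken from any real PBX.
# Columns: call start (ISO 8601), calling extension, dialed number, duration in seconds.
# Dialed numbers follow a North American dial plan: "011" prefixes international calls,
# "1900"/"1976" prefix premium-rate numbers (assumed for this example).
SAMPLE_CDR = """\
2024-03-02T10:05:11,201,4155550123,95
2024-03-02T11:40:02,214,19005550199,310
2024-03-02T11:52:47,214,19005550199,280
2024-03-03T02:14:05,305,01144205550001,600
2024-03-03T02:15:09,305,01144205550002,620
2024-03-03T02:16:13,305,01144205550003,590
2024-03-03T02:17:30,305,01144205550004,610
2024-03-03T02:18:44,305,01144205550005,605
"""

PREMIUM_PREFIXES = ("1900", "1976")
INTERNATIONAL_PREFIX = "011"
BUSINESS_HOURS = range(8, 19)  # 08:00 to 18:59 local time


def classify_destination(number: str) -> str:
    """Bucket a dialed number by the kind of charge it incurs."""
    if number.startswith(PREMIUM_PREFIXES):
        return "premium"
    if number.startswith(INTERNATIONAL_PREFIX):
        return "international"
    return "domestic"


def parse_cdr(text: str) -> list:
    """Parse CSV CDR lines into dicts with a parsed timestamp and a destination class."""
    records = []
    for row in csv.reader(io.StringIO(text)):
        if not row:
            continue
        start, ext, number, duration = row
        records.append({
            "time": datetime.fromisoformat(start),
            "ext": ext,
            "number": number,
            "duration": int(duration),
            "kind": classify_destination(number),
        })
    return records


def find_suspicious(records: list, burst_threshold: int = 3, window_minutes: int = 10) -> dict:
    """Return {extension: [finding, ...]} for two of the patterns described above:
    premium-rate calls during business hours (internal misuse) and a burst of
    international calls outside business hours (a PBX used as a dial-through)."""
    by_ext = defaultdict(list)
    for r in records:
        by_ext[r["ext"]].append(r)

    findings = defaultdict(list)
    for ext, calls in by_ext.items():
        calls.sort(key=lambda c: c["time"])

        premium_minutes = sum(
            c["duration"] for c in calls
            if c["kind"] == "premium" and c["time"].hour in BUSINESS_HOURS
        ) / 60
        if premium_minutes > 0:
            findings[ext].append(
                f"{premium_minutes:.1f} min of premium-rate calls during business hours")

        off_hours_intl = [
            c for c in calls
            if c["kind"] == "international" and c["time"].hour not in BUSINESS_HOURS
        ]
        for i, first in enumerate(off_hours_intl):
            in_window = [
                c for c in off_hours_intl[i:]
                if (c["time"] - first["time"]).total_seconds() <= window_minutes * 60
            ]
            if len(in_window) >= burst_threshold:
                findings[ext].append(
                    f"{len(in_window)} off-hours international calls within {window_minutes} min")
                break
    return dict(findings)


if __name__ == "__main__":
    for ext, reasons in find_suspicious(parse_cdr(SAMPLE_CDR)).items():
        print(ext, "->", "; ".join(reasons))
```

Run against the sample, extension 214 is reported for premium-rate calling during the day and extension 305 for five international calls in five minutes at two in the morning; extension 201 is not reported. The point of running this daily (or, better, on a live CDR feed) is that a compromised PBX is caught in hours rather than when the bill arrives.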
Toll fraud techniques
Telephony has moved from circuit-switched networks to voice-over-IP, and the techniques used by toll fraudsters have moved with it. The two families are described separately below.
Traditional toll fraud
Toll fraud on traditional PRI circuits that terminate on a conventional PBX exploits a bad configuration on the PBX itself. Legacy PBXs have many elaborate features, one of which lets a caller obtain an internal PBX dial tone by dialing a Direct Inward Dial (DID) number (a feature commonly known as Direct Inward System Access, or DISA). The caller dials the DID, hears the dial tone, and can then call anywhere; the call originates from the PBX and is therefore charged to the company. This is a legitimate feature, but if it is not protected by a PIN, or if the PIN is compromised, it becomes a toll fraud vector.
Other methods on older systems involved unscrupulous technicians installing devices on a PBX that later let them reach it over the PSTN. That access was used not only to place fraudulent calls but also to reconfigure the PBX remotely and compromise it further. PBX specialists were relatively few at the time, and that exclusivity put them in a position to obtain malicious access on behalf of third parties.
Apart from abuse of the DID dial-tone feature, toll fraud against conventional telephony usually requires physical access to the PBX at some point, at least initially, before a fraud scheme can be built on it.
VoIP toll fraud
Because VoIP systems are connected to the data network, and through it to the internet, they are typically reachable remotely from almost anywhere. For VoIP, therefore, most toll fraud begins with a remote compromise using the same techniques as any other network intrusion. That activity normally focuses on the following:
• Port scanning – VoIP uses the SIP protocol, which listens on port 5060 by default, over UDP as well as TCP, and on TCP port 5061 for SIP over TLS. Put an unprotected SIP server on the internet and within minutes you will see a stream of probes against port 5060, mostly over UDP, hunting for an open or weakly authenticated SIP service; scanners typically send OPTIONS requests to find a responsive server and then REGISTER requests to guess extension credentials.
• Passwords – Both SIP trunks and SIP extensions authenticate with passwords. Weak, default, or leaked passwords are the weakness most frequently exploited.
• Compromising servers – Like any other network service (web, email, file server, etc.), VoIP telephony depends on a SIP server. If an attacker gains unauthorized access to its operating system, they can configure it however they want.
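The scanning and password-guessing described above are visible in the SIP server's own log, and a few lines of detection logic turn that log into a blocklist. The following is an added example, not code from the original article or from any SIP server project: it assumes a generic key=value log format (real servers such as Asterisk, FreeSWITCH or Kamailio each log differently and would need their own regex), constructed log lines using RFC 5737 documentation addresses, and the thresholds shown. One detail worth noting in the logic: a 401 response is SIP's normal digest challenge, so a legitimate phone always produces one 401 before its successful REGISTER; the example counts a 401 as a failure only when the same source never completes the registration for that user.

```python
import re
from collections import Counter, defaultdict

# Constructed log lines in a generic key=value format assumed for this example; real SIP
# servers each log differently and would need their own regex. Addresses are from the
# RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2024-03-04 03:12:01 OPTIONS src=203.0.113.7 user=- status=200 ua="friendly-scanner"
2024-03-04 03:12:02 REGISTER src=203.0.113.7 user=100 status=401 ua="friendly-scanner"
2024-03-04 03:12:02 REGISTER src=203.0.113.7 user=101 status=401 ua="friendly-scanner"
2024-03-04 03:12:03 REGISTER src=203.0.113.7 user=102 status=401 ua="friendly-scanner"
2024-03-04 03:12:03 REGISTER src=203.0.113.7 user=103 status=401 ua="friendly-scanner"
2024-03-04 03:12:04 REGISTER src=203.0.113.7 user=104 status=401 ua="friendly-scanner"
2024-03-04 03:15:00 INVITE src=192.0.2.55 user=01144205550001 status=403 ua="sipcli/1.8"
2024-03-04 03:15:01 INVITE src=192.0.2.55 user=01144205550002 status=403 ua="sipcli/1.8"
2024-03-04 03:15:02 INVITE src=192.0.2.55 user=01144205550003 status=403 ua="sipcli/1.8"
2024-03-04 03:15:03 INVITE src=192.0.2.55 user=01144205550004 status=403 ua="sipcli/1.8"
2024-03-04 03:15:04 INVITE src=192.0.2.55 user=01144205550005 status=403 ua="sipcli/1.8"
2024-03-04 09:00:14 REGISTER src=198.51.100.20 user=2001 status=401 ua="DeskPhone/1.4"
2024-03-04 09:00:15 REGISTER src=198.51.100.20 user=2001 status=200 ua="DeskPhone/1.4"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<method>[A-Z]+) '
    r'src=(?P<src>\S+) user=(?P<user>\S+) status=(?P<status>\d{3}) ua="(?P<ua>[^"]*)"$')

# User-Agent strings used by common SIP scanning tools (sipvicious identifies itself as
# "friendly-scanner"). Matching them is only a hint, since the string is trivially changed.
SCANNER_UA_MARKERS = ("friendly-scanner", "sipvicious", "sipcli", "sip-scan")


def parse_log(text: str) -> list:
    """Turn matching log lines into dicts; lines that do not match are ignored."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def score_sources(events: list, fail_threshold: int = 5, user_threshold: int = 3) -> dict:
    """Return {src_ip: [reason, ...]} for sources that look like scanners or brute-forcers."""
    # A 401 is the normal digest challenge; it only counts as a failure if the same
    # source never completes that request for the same user.
    pending_401 = defaultdict(int)      # (src, user) -> unanswered challenges
    hard_failures = Counter()           # src -> 403/404 responses
    users_tried = defaultdict(set)      # src -> distinct users or dialed numbers
    agents = defaultdict(set)           # src -> user-agents seen
    for e in events:
        key = (e["src"], e["user"])
        agents[e["src"]].add(e["ua"].lower())
        if e["method"] in ("REGISTER", "INVITE"):
            users_tried[e["src"]].add(e["user"])
        if e["status"] == "401":
            pending_401[key] += 1
        elif e["status"].startswith("2"):
            pending_401[key] = 0
        elif e["status"] in ("403", "404"):
            hard_failures[e["src"]] += 1

    failures = Counter(hard_failures)
    for (src, _user), n in pending_401.items():
        failures[src] += n

    verdicts = {}
    for src in agents:
        reasons = []
        if failures[src] >= fail_threshold:
            reasons.append(f"{failures[src]} failed authentication attempts")
        if len(users_tried[src]) >= user_threshold:
            reasons.append(f"tried {len(users_tried[src])} distinct users or numbers")
        if any(marker in ua for ua in agents[src] for marker in SCANNER_UA_MARKERS):
            reasons.append("known scanner user-agent")
        if reasons:
            verdicts[src] = reasons
    return verdicts


def blocklist(verdicts: dict) -> list:
    """Sources to drop at the firewall or session border controller, sorted for stable output."""
    return sorted(verdicts)


if __name__ == "__main__":
    for src, reasons in score_sources(parse_log(SAMPLE_LOG)).items():
        print(src, "->", "; ".join(reasons))
```

On the sample, 203.0.113.7 (extension enumeration) and 192.0.2.55 (attempts to dial international numbers through the server) are flagged on all three signals, while the desk phone at 198.51.100.20, whose single 401 was followed by a successful REGISTER, is not. In practice the blocklist feeds a firewall rule or fail2ban-style jail; the thresholds are low here because the sample is small.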
Preventing toll fraud
Some of the most significant steps you can take to protect yourself from toll fraud include:
• Put network security controls in place, not just VoIP-specific ones. That means strong passwords for servers and SIP accounts, a secured Wi-Fi network, secured remote users, a network edge protected by proper security appliances (a SIP server should not face the internet directly without a session border controller or firewall rules restricting which peers may reach it), and controlled physical access to your servers and data centers.
• Have a security policy that employees are required to sign as part of onboarding. Remind employees of their responsibilities periodically and train them to use company resources correctly.
• Block all premium-rate numbers on the PBX, and restrict international and long-distance calling, either by requiring a personal authorization code or by enabling such calls only on specific phones.
• Ensure that features that hand out an internal dial tone via a DID (DISA) are disabled or, where business needs require them, protected by strong PINs that are changed when staff leave.
• Ensure phones can only be used by authorized staff, and not by visitors, security guards, or cleaning crews during off-hours, by requiring a personal PIN or by disabling long-distance and international calls when the business is closed.
• Where feasible, migrate a traditional telephony system to VoIP, which gives you current security features and the most modern user features available. Note, however, that a VoIP system is reachable from the internet, so the migration only improves security if the network controls above are applied to it.
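The call-restriction items in the list above (blocking premium-rate numbers, requiring a PIN or an authorized phone for international calls, cutting off outbound calling after hours, and keeping DISA dial tone off unless it is PIN-protected) amount to one outbound authorization policy. The following is an added example, not configuration from the original article or from any PBX product: it expresses that policy as a single decision function, assuming a North American dial plan, a constructed PIN table and the business hours shown. PINs are stored salted and hashed, and compared in constant time so that a PIN guesser learns nothing from response timing.

```python
import hashlib
import hmac
import re
from datetime import datetime

# Assumed North American dial plan and a constructed PIN table; nothing here comes from
# a real PBX configuration.
PREMIUM_PREFIXES = ("1900", "1976")
INTERNATIONAL_PREFIX = "011"
BUSINESS_HOURS = range(8, 19)            # 08:00 to 18:59 local time
INTERNATIONAL_PHONES = {"201"}           # phones allowed to dial abroad without a PIN
DISA_ENABLED = False                     # dial tone via DID stays off unless needed
PIN_SALT = "example-salt"                # constructed; use a random per-site value


def _hash_pin(pin: str) -> str:
    return hashlib.sha256((PIN_SALT + pin).encode()).hexdigest()


PIN_TABLE = {"214": _hash_pin("4821"), "305": _hash_pin("9137")}   # constructed


def classify_destination(number: str) -> str:
    """Bucket a dialed number by the kind of charge it incurs."""
    if number.startswith(PREMIUM_PREFIXES):
        return "premium"
    if number.startswith(INTERNATIONAL_PREFIX):
        return "international"
    return "domestic"


def pin_valid(ext: str, pin) -> bool:
    """Constant-time comparison of the salted hash, so timing reveals nothing."""
    if pin is None or ext not in PIN_TABLE:
        return False
    return hmac.compare_digest(PIN_TABLE[ext], _hash_pin(pin))


def authorize_call(ext: str, dialed: str, when: datetime, pin=None, via_disa: bool = False):
    """Decide whether the PBX should place this call. Returns (allowed, reason)."""
    number = re.sub(r"\D", "", dialed)                 # strip spaces, dashes, parentheses
    kind = classify_destination(number)

    if via_disa:                                       # caller obtained dial tone via a DID
        if not DISA_ENABLED:
            return False, "DISA dial tone is disabled"
        if not pin_valid(ext, pin):
            return False, "DISA requires a valid PIN"

    if kind == "premium":                              # blocked for everyone, always
        return False, "premium-rate numbers are blocked"

    if when.hour not in BUSINESS_HOURS and not pin_valid(ext, pin):
        return False, "outside business hours: PIN required"

    if kind == "international" and ext not in INTERNATIONAL_PHONES and not pin_valid(ext, pin):
        return False, "international calls need a PIN or an authorized phone"

    return True, f"{kind} call permitted"


if __name__ == "__main__":
    print(authorize_call("201", "415-555-0123", datetime(2024, 3, 4, 10, 0)))
    print(authorize_call("305", "011 44 20 5550 0001", datetime(2024, 3, 4, 2, 0)))
    print(authorize_call("305", "011 44 20 5550 0001", datetime(2024, 3, 4, 2, 0), pin="9137"))
```

The order of the checks matters: premium-rate numbers are refused before any PIN is consulted, so a valid PIN never unlocks them, and the DISA check runs first because a caller who arrived through a DID has not yet proven they are an employee at all. On a real PBX the same rules are expressed in the dial plan or class-of-service configuration rather than in Python, but the decision table is the same.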
Your rights and responsibilities
You may be out on a limb if you become a victim of toll fraud. The contracts most telcos require you to sign include clauses that exempt them from liability for fraudulent calls, especially when the fraud results from a lack of preventive measures on the business's part.
Be open and candid with your telco about the issue. Ask for their advice on the most appropriate protective measures, ask whether they offer fraud monitoring or spending caps on your account, and make sure you understand where their responsibility ends and yours begins when toll fraud occurs.
Conclusion
The last thing a business needs is to be surprised by an abnormally high telephone bill at the end of the month. Avoid that by first understanding what toll fraud is, then taking the steps above to mitigate it, and by reviewing call records regularly so that fraud is caught in hours rather than at billing time.