MATHIAS THURMAN
Trouble Ticket
At issue: A small office in Europe discovers that someone has hacked its IP telephony router.
Action plan: Update the operating system to prevent toll fraud, and assess the IP telephony setups at offices around the world.
Hackers Call Home, on Our Dime
Someone is making calls costing thousands of dollars via the IP telephony setup in a small European office.
IT’S BEEN A WHILE since we’ve had a security breach worth mentioning (that we know of). Last week we had one, and it was an eye-opener. A small development office in Western Europe was informed by the local telephone company that a high number of calls were being made from the office’s IP telephony setup to a Middle Eastern country. When we looked into it, we found that in just 15 days, over $30,000 in calls had been made to several Middle Eastern countries, as well as Russia, China and a couple of Central American nations.

I immediately told the folks in the European office to have the phone company block the suspect call locations, file a police report and send me the complete running configuration from the router.
The office in question came to us through an acquisition about four years ago, well before my arrival. Apparently, the acquired company had just purchased new equipment, including a Cisco router used as a voice gateway for communicating with several other offices around the world. After the acquisition, we retained the Cisco routers, since we use IP telephony extensively.
The hacker apparently had shared our vulnerability with hundreds of people.
Some Relief
We are fully cooperating with law enforcement and the phone company, and as a result, we may actually be granted some relief from the $30,000 bill.
But this incident has spurred me to further action. I plan to use some of my quarterly budget for vulnerability assessments and penetration testing by hiring a reputable organization to conduct a complete assessment of our global IP telephony environment — everything from phones and the call manager to Unity messaging and the underlying network equipment that enables IP telephony.
And because we acquired so many of these vulnerabilities, I am going to update my M&A playbook to emphasize the need to assess any IP telephony infrastructure we inherit. One final precaution we are taking is to evaluate our options for correlating Cisco call log data and other relevant logs within our recently purchased security incident and event management tool.
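The kind of call-log correlation described above, as an added illustration that is not part of the column or of any Cisco product: a small detector that reads constructed call detail records (time, extension, dialled number, duration), prices international calls against an assumed rate table, and flags an extension whose international spend or count of off-hours international calls crosses a threshold. Field layout, tariffs, thresholds and the sample records are all assumptions.

```python
import csv
from collections import defaultdict
from datetime import datetime
from io import StringIO

# Constructed sample CDR lines (not real data): time, source extension,
# dialled number, duration in seconds. Real Cisco CDRs carry many more fields.
SAMPLE_CDR = """\
2010-03-01T09:12:00,4021,+4930123456,120
2010-03-01T10:40:00,4021,+14155550101,300
2010-03-02T02:13:00,4099,+20212345678,1800
2010-03-02T02:45:00,4099,+20212345679,2400
2010-03-02T03:20:00,4099,+79161234567,1500
2010-03-02T03:55:00,4099,+50212345678,900
2010-03-02T23:30:00,4021,+4930123457,60
"""

# Assumed per-minute tariffs by dialled country code, in dollars
# (constructed; a real deployment would load the carrier's rate table).
RATE_PER_MIN = {"+49": 0.05, "+1": 0.03, "+20": 0.80, "+7": 0.60, "+502": 1.20}
HOME_PREFIX = "+49"            # assumed: the office is in Germany
BUSINESS_HOURS = range(7, 20)  # 07:00-19:59 local time, assumed

def country_of(number):
    """Longest-prefix match of the dialled number against the rate table."""
    for prefix in sorted(RATE_PER_MIN, key=len, reverse=True):
        if number.startswith(prefix):
            return prefix
    return None

def toll_fraud_alerts(cdr_text, cost_threshold=50.0, offhours_threshold=2):
    """Return (extension, reason) alerts for extensions whose international
    spend or off-hours international call count exceeds the thresholds."""
    spend = defaultdict(float)
    offhours = defaultdict(int)
    for row in csv.reader(StringIO(cdr_text)):
        ts, ext, dialled, secs = row[0], row[1], row[2], int(row[3])
        cc = country_of(dialled)
        if cc is None or cc == HOME_PREFIX:
            continue  # domestic or unpriced destination: ignored by this model
        spend[ext] += RATE_PER_MIN[cc] * secs / 60
        if datetime.fromisoformat(ts).hour not in BUSINESS_HOURS:
            offhours[ext] += 1
    alerts = []
    for ext in set(spend) | set(offhours):
        if spend[ext] > cost_threshold:
            alerts.append((ext, "international spend %.2f" % spend[ext]))
        if offhours[ext] >= offhours_threshold:
            alerts.append((ext, "%d off-hours international calls" % offhours[ext]))
    return sorted(alerts)
```

On the sample records, extension 4099 is flagged on both counts while the daytime domestic and US calls from 4021 stay below threshold; in a SIEM the same two counters would be joined with the router's own logs to see who changed the dial-peer configuration.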
This week’s journal is written by a real security manager, “Mathias Thurman,” whose name and employer have been disguised for obvious reasons. Contact him at mathias_thurman@yahoo.com.