Interesting People mailing list archives

Re: Asterisk VoIP switch hacked for robo phishing expedition


From: David Farber <dave () farber net>
Date: Tue, 19 May 2009 09:49:45 -0400



Begin forwarded message:

From: Jerry Glomph Black <glomph () glomph com>
Date: May 19, 2009 8:39:35 AM EDT
To: dave () farber net, Larry Vaden <vaden () texoma net>
Subject: Re: [IP] Asterisk VoIP switch hacked for robo phishing expedition

This is most probably NOT a hack. Many versions of Asterisk, if not properly configured, will allow calls through them via SIP or IAX.

FBI? Oh, please. You cannot declare a 'hack' any more than you can declare a 'break-and-enter' when you leave your house for a week with the doors wide open, a pile of cash on the doorstep, and the lights on.

You must be sure that the [default] context does nothing useful, such as routing toll calls. Ditto for whatever context the IAX guest account uses. And all SIP and IAX listeners must have some form of authentication, or -very- restricted dialplan contexts.


On Tue, May 19, 2009 at 11:54 AM, David Farber <dave () farber net> wrote:


Begin forwarded message:

From: Larry Vaden <vaden () texoma net>
Date: May 18, 2009 8:36:46 PM EDT
To: David Farber <dave () farber net>, ip <ip () v2 listbox com>
Subject: Asterisk VoIP switch hacked for robo phishing expedition

Dr. Farber,

For IP if you wish:

Although likely not a case of first impression, if you operate an
Asterisk VoIP switch, you may be interested in the fact that ours was
hacked to make robo phishing calls to collect debit and credit card
information from unsuspecting folks.

We believe standard security precautions were in place.

According to call detail records, the destination numbers were of the
form 314-49?-???? (St Louis area cell phones).

We notified the FBI in St Louis, MO. and in Sherman, TX, earlier today
that we were receiving a large number of inbound calls/complaints.

At the time of notification to the FBI, we did not realize our switch
had been compromised.  We learned our switch was compromised about an
hour ago.

Kind regards/ldv

Larry Vaden
Internet Texoma, Inc.




-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com
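
The configuration check described in the reply above (the [default] context, the IAX guest context, and unauthenticated SIP/IAX entries), as an added example that is not part of the original messages or of Asterisk itself. The sample files are constructed, the trunk name `pstn-trunk` and all function names are hypothetical, and only `secret`, `md5secret` and `inkeys` are counted as authentication (IP-based permit/deny rules are not considered).

```python
# Constructed sample files, not taken from the thread.
SIP_CONF = """
[general]
context=default      ; unauthenticated SIP callers land here
allowguest=yes
"""
IAX_CONF = "[guest]\ntype=user\ncontext=default\n"
EXTENSIONS_CONF = """
[default]
include => internal
[internal]
exten => _1XX,1,Dial(SIP/${EXTEN})
exten => _1NXXNXXXXXX,1,Dial(SIP/pstn-trunk/${EXTEN})
"""
AUTH_KEYS = {"secret", "md5secret", "inkeys"}  # options that demand a credential

def parse(text):
    """Return {section: [(key, value), ...]} for Asterisk-style config text."""
    out, cur = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        if line.startswith("[") and line.endswith("]"):
            cur = out.setdefault(line[1:-1], [])
        elif cur is not None and "=" in line:
            key, _, val = line.partition("=")  # '=>' and '=' are both accepted
            cur.append((key.strip(), val.lstrip(">").strip()))
    return out

def open_contexts(conf, is_sip):
    """Contexts reachable without credentials (chan_sip takes guests unless allowguest=no)."""
    found = set()
    for name, items in conf.items():
        opts = dict(items)
        guest = is_sip and opts.get("allowguest", "yes") != "no"
        if guest if name == "general" else not (AUTH_KEYS & opts.keys()):
            found.add(opts.get("context", "default"))
    return found

def exposed_trunk_routes(sip, iax, extensions, trunks):
    """Sorted (context, pattern) pairs where an unauthenticated caller reaches a trunk."""
    plan, hits = parse(extensions), []
    todo = open_contexts(parse(sip), True) | open_contexts(parse(iax), False)
    while todo:
        ctx = todo.pop()
        for key, val in plan.pop(ctx, []):  # pop so include loops terminate
            if key == "include":
                todo.add(val)  # included contexts are reachable too
            elif key == "exten" and any(f"/{t}/" in val for t in trunks):
                hits.append((ctx, val.split(",")[0]))
    return sorted(hits)
```

With the constructed files, `exposed_trunk_routes(SIP_CONF, IAX_CONF, EXTENSIONS_CONF, ["pstn-trunk"])` reports the long-distance pattern in `[internal]`, which guests reach because `[default]` includes it.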




