From: "Carlos Alvarez" <carlos at televolve.com> To: voiceops at voiceops.org Sent: Wednesday, January 26, 2011 6:20:51 PM Subject: [VoiceOps] h.323 breech and toll fraud case A company we work closely with, but is not our customer, had their Cisco Call Manager hacked due to some h.323 vulnerability that I don't have full details on yet. There were a number of calls placed to:
881835211540 881835211556 881835211547
My findings indicate these are Globalstar satellite numbers that cost somewhere between $4 and $7/minute to call, depending on carrier. The victim's carrier is billing them at $6.50. The total bill for the event is around $13k. This is a small company that can't really afford this. I am not an interested party in the sense that it wasn't on our network, but it's a company we work with a lot and want to help. I also want to learn from this to potentially protect our own network.
Some questions...
1. What is the scam here? The recipient of those calls doesn't gain anything, and placing a few calls to three specific satellite phones seems to have little purpose. Many of the calls were concurrent. It all happened in the span of just a few hours.
2. Anyone experienced the same thing with those numbers or similar numbers?
3. About a year ago I attended an FBI presentation on VoIP fraud and there was a VoIP specialist who gave his contact info, but I can't find it. What is the best way for this company to report this crime?
If you find out please let me know. I had a $180k voip fraud last year (SIP, Ukraine -> Cuba) and reported to the FBI with NO response.
-- Carlos Alvarez TelEvolve 602-889-3003
_______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
-- Matthew S. Crocker President Crocker Communications, Inc. PO BOX 710 Greenfield, MA 01302-0710 http://www.crocker.com P: 413-746-2760