Hacking attempts to Broadsoft voice portal

Lot of failed attempts from 1 particular number.... 15096346223. Seems to be scanning through voice mail boxes serially, attempting passwords & locking them out.

Last time we saw this I tracked this to be a magic jack number; I called back & a person answered & said that he can fix my voice mail for me if I gave him my password. I emailed magicjack support & they never responded.

Is there anything we can do to bring these malicious hackers to justice? Does anyone have experience in this area legally, given that these hackers are mostly outside the US?

Ujjval Karihaloo
VP Voice Engineering
SimpleSignal Inc.
IP Phone: +13032428610
Sent from my iphone

Hi Ujjval

I have had this problem also with malicious hackers attacking my voicemail boxes and making outbound calls to international destinations (usually the Philippines).

For the time being, I have disabled all outbound dialing through the Voice Portal. If my subscribers want a function such as this they can either use one of two things.

1. Remote Office
2. BroadWorks Anywhere

Also, increasing the password policies for Voice Portal/Voice Mail passwords does help. No longer do I allow passwords which are shorter than 5 characters (as most attackers use the default 0000, 1234, 7890 password combinations).

I am in Canada and I haven't found anything I can do besides that.

Thanks

Thx a lot Russell. We already have those measures in place, just want to see if we can do anything else about these hackers.

Ujjval Karihaloo
VP Voice Engineering
IP Phone: +13032428610
E-Fax: +17202391690
SimpleSignal Inc.
88 Inverness Circle East Suite K105
Englewood, CO 80112
<http://www.simplesignal.com/>

Toll fraud is illegal and is actively investigated by multiple federal organizations including the FBI: http://newark.fbi.gov/dojpressrel/2009/nk061209.htm

If you have the time to try and contact them, that is certainly reasonable for you to do, but keep in mind that in theory they could confiscate your equipment as evidence. The best thing you can do is fight it from affecting anything.

If the attacks really are coming from one specific number (as opposed to changing due to spoofing) you might be able to block the calls at your SBC or other ingress point.

-Scott

As an FYI, the Call Forward Always service can be exploited through the portal as well; we had a customer with some weak passwords attacked that way.

To combat the problem on our BS platform we disabled call forwarding control and Voice Portal Dialing through the menus and implemented strong password policies and a forced password change across all groups. We have also started limiting international dialing on new provisioning except for accounts specifically requested to have the feature and have started strongly recommending account codes. Broadsoft does have some "best practices" type documents.

Most of the attacks we've seen have been related to "straight" fraudulent calls, i.e. offshore special services numbers, but we actually had a directed attack at one customer where the attackers were using a compromised account to place calls to internal extensions and attempting to utilize social engineering to obtain network login credentials.

Neither the FBI, nor, in the case of the directed attack, local law enforcement, have shown any interest in any of the cases that I know of, including one affecting a Federal agency. Additionally, most of the attacks that we have seen have involved spoofed numbers, the Florida State Police in one example.
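Added example, not part of the original thread and not BroadSoft code: one way to detect the serial mailbox scanning described above from failed voice-portal logins. The log layout, phone numbers and thresholds are constructed assumptions; because posters report spoofed caller IDs, `by_caller=False` counts failures across all callers instead of per number.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records: timestamp, calling number, mailbox, result.
# This is NOT a BroadWorks log format; adapt parse() to your own audit export.
SAMPLE_LOG = """\
2009-11-08T10:01:05 15555550100 3001 FAIL
2009-11-08T10:01:40 15555550100 3002 FAIL
2009-11-08T10:02:10 15555550100 3003 FAIL
2009-11-08T10:02:30 15555550123 3050 FAIL
2009-11-08T10:02:45 15555550100 3004 FAIL
2009-11-08T10:02:50 15555550123 3050 OK
2009-11-08T10:03:20 15555550100 3005 FAIL
2009-11-08T10:40:00 15555550177 3077 FAIL
"""

def parse(log):
    """Yield (timestamp, caller, mailbox, result) tuples from the sample layout."""
    for line in log.splitlines():
        if line.strip():
            ts, caller, mailbox, result = line.split()
            yield datetime.fromisoformat(ts), caller, mailbox, result

def find_scanners(events, window=timedelta(minutes=10), min_mailboxes=4,
                  by_caller=True):
    """Flag sources whose failed logins hit >= min_mailboxes distinct
    mailboxes inside one sliding window. A user mistyping their own PIN
    touches one mailbox; a scanner walks many. With by_caller=False all
    callers share one bucket ("*"), which still catches a scan when the
    calling number is spoofed and changes per call."""
    recent = defaultdict(deque)   # source -> (timestamp, mailbox) in window
    flagged = defaultdict(set)    # source -> mailboxes seen while over threshold
    for ts, caller, mailbox, result in sorted(events):
        if result != "FAIL":
            continue
        source = caller if by_caller else "*"
        q = recent[source]
        q.append((ts, mailbox))
        while ts - q[0][0] > window:      # drop failures older than the window
            q.popleft()
        boxes = {m for _, m in q}
        if len(boxes) >= min_mailboxes:
            flagged[source] |= boxes
    return {src: sorted(boxes) for src, boxes in flagged.items()}

if __name__ == "__main__":
    print(find_scanners(parse(SAMPLE_LOG)))
    print(find_scanners(parse(SAMPLE_LOG), min_mailboxes=6, by_caller=False))
```

A flagged per-number source is a candidate for blocking at the SBC or other ingress point; a flag that only appears in the aggregate bucket points to spoofed caller IDs, where blocking a single number will not help.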
participants (4)
- robert.dawson@mindshift.com
- russell@mcconnachie.ca
- scott@sberkman.net
- ujjval@simplesignal.com