Big rise in VoIP hacking lately. We can usually pick up on it and stop it. This is not automated (yet).
Sadly one of my customers was hacked, and we are charging him hundreds for the calls.
What really pisses me off is that, in an effort to help customers, if a call cannot route via one call carrier we fall back to another. Sadly in this case the other carrier cost us way more.
In fact, whilst we are charging our poor customer a few hundred, we expect to be paying nearer £15,000 for the calls.
I am not a happy bunny :-(
P.S. Nagios is getting quite a few more alerts added.
Subscribe to:
Post Comments (Atom)
Fencing
Bit of fun... We usually put up some Christmas lights on the house - some fairy lights on the metal fencing at the front, but a pain as mean...
-
Broadband services are a wonderful innovation of our time, using multiple frequency bands (hence the name) to carry signals over wires (us... -
For many years I used a small stand-alone air-conditioning unit in my study (the box room in the house) and I even had a hole in the wall fo... -
It seems there is something of a standard test string for anti virus ( wikipedia has more on this). The idea is that systems that look fo...
Where were these calls to?
ReplyDeleteCaps?
ReplyDeleteCan we not have an alerting system - with a human in the link - to say - woah! More in a day than in the last month?
If a customer who pays around £50 a month suddenly racks up 3,5,10x that alarm bells should be ringing.
I would like a hard cap on all my services so I can't make a big mistake.
Extra precautions and checks in place our end.
ReplyDeleteWe don't have hard or even soft caps on per user charges (yet). We may do something soon.
I am just so pissed off right now.
That is really annoying... Can you restrict the VOIP to only certain countries (maybe just the UK), giving the option of de-restricting upon request? Or you could restrict it to their fixed IP addresses, with the possibility of adding more through their control panel, or de-restricting altogether (with plenty of disclaimers and warnings).
ReplyDeleteOnly accept calls from ip addresses registered by the user ie their a&a account.
ReplyDeleteCap outbound calls at prearranged values - this allows the customer to limit their risk.
Analyze call volume and alert the customer via SMS if it's out of the norm. Give them the option to immediately block further traffic.
Use a SIP server that's been through the wars already and had vulnerabilities patched.
Block calls to Nigeria, Morocco etc. Sorry but Nigeria, Morocco etc are known fraud endpoints and unless your customer specifically wants to call there (prearranged?) block them.
Andy
Locking down IPs would not help - the user was hacked, not us.
ReplyDeleteWe do cap outbound calls - these calls were cheap (and we make profit on the normal carrier. It was the fallback to other carrier that was a mistake).
We are picking up high call volumes now :-)
The SIP server was not hacked, the customer's was.
These were Palau or some place, and one hack we saw was Spain of all places.
In summary - never as simple as it sounds.
ReplyDeleteI would personally block premium rate and international by default, then de-restrict when requested (tick box within your control panel)?
ReplyDeleteAs a business to business provider I'm guessing most calls are to mobiles and landlines?
Having slept on it, i'm not entirely sure why I felt the need to add a question mark to my first sentence, i'm almost questioning myself.
ReplyDeleteAll I can say in my defence is that it was a very long day yesterday (technically it was the same as any other day, but it felt that way).
The problem is many international destinations are the same cost as national. I think we might even pay less to call the US than local numbers, or something damn close anyway. So crazy not to allow the cheap ones.
ReplyDeleteWe already block the silly expensive ones, well, when routed via the normal carrier. This loophole was numbers that were cheap normally and falling back to expensive. That is fixed too.
Probably isn't appropriate for business use but for my person void is be happy to prepay say 10 pounds of credit and be able to top that up and to be disconnected if it runs out, reducing the risk to everyone.
ReplyDeleteHow on Earth can someone spend £15grand on phone calls???
ReplyDeleteI suppose it isn't someone phoning home, but selling the stolen phonecalls to others and raking in the profits.
Is it not possible to trace the source and drag them into court?
That should say voip and generally make a lot more sense. I shouldn't post from phones
ReplyDeleteYou could perhaps presell units as with broadband?
ReplyDeleteHDRW - normally it's calling premium rate numbers controlled by the attacker, which are generally set up in other countries where the regulations aren't as strict as in the UK (in UK you can get the money back if it's clearly fraudulent etc).
ReplyDelete@HDRW
ReplyDeleteIt's probably a call shop, walk in prepay/calling card make a call. It's quite common. If they found a route they'd just use it as much as they could until it stopped working.