Fraudsters are targeting unsecured PABXs in New Zealand and getting away with hundreds of thousands of dollars annually. The incidence of fraud has increased fourfold in 2010, with an estimated 30-40 New Zealand companies getting hit by international PABX fraudsters every month.
Leaving your PABX unsecured is like leaving your PIN numbers or bank account details and access codes pinned to your front door. Security of your PABX is easily as important as the security of your PC; it's relatively easy to defraud you of thousands of dollars if you haven't made your system secure.
Who's at risk? Often this is now the small businessman or woman with a PABX (often their first). In one recent case it was an individual who had downloaded a free software-based VoIP PABX and installed it on their home computer. An unsecured PABX system can be compromised via an insecure voicemail system (or similar) that allows incoming callers to dial extensions directly.
From there, some insecure PABX systems can even allow callers to access outside lines. Hackers have targeted these systems around the world, sometimes resulting in a large volume of international calls being charged to the PABX user's account. To help ensure your business is protected against this type of fraud, we advise you to check that your PABX system is secure and adequately configured to maximise your security.
Minimising your risk
We strongly recommend you take action now. It is vital that you review and follow the attached security measures as soon as possible. If you have any questions regarding your own particular PABX, contact your vendor in the first instance for advice on securing your system. Visit: www.tig.org.nz/stoppabxfraud for more details, advice and links to other information. The TIG is an industry group aimed at increasing the contribution of telecommunications to New Zealand society and economy.
Guard against PABX hacking: what you can do
1. CHOOSE A STRONG PASSWORD: Voicemail and DISA passwords should be changed on a regular basis, avoiding factory defaults and obvious combinations such as 1234 or the extension number.
2. CHANGE IT: Make sure all security features (passwords, PINs, etc.) are changed following installation, upgrade and fault/maintenance. Don't forget to reset password defaults.
3. KEEP IT CONFIDENTIAL: Keep all internal information such as directories, call logging reports and audit logs confidential. Destroy them appropriately if no longer required.
4. REVIEW REGULARLY: Review system security and configuration settings regularly. Follow up any vulnerabilities or irregularities.
5. VENDOR TERMS AND CONDITIONS: Make sure you have the right terms and conditions reflected in your contracts with your PABX, VoIP and/or voicemail maintainer in order to keep your system regularly maintained and serviced to stay safe.
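A way to check item 1 across a whole system is to audit an export of mailbox PINs against the weaknesses the checklist names. The sketch below is an added example, not part of the TIG advice; the default-PIN list, the six-digit minimum and the sample mailboxes are assumptions constructed for illustration.

```python
"""Audit voicemail/DISA PINs for the weaknesses named in the checklist."""

# Assumed list of common factory defaults; replace with your vendor's documented ones.
FACTORY_DEFAULTS = frozenset({"0000", "1111", "1234", "9999", "123456"})
MIN_LENGTH = 6  # assumed site policy

# Constructed sample data: (extension, PIN) pairs exported from the PABX.
SAMPLE_MAILBOXES = [
    ("201", "1234"),
    ("202", "202202"),
    ("203", "839157"),
    ("204", "0000"),
    ("205", "502861"),
]


def is_sequence(pin):
    """True for runs such as 1234, 9876 or 7890 (9 wraps to 0)."""
    if len(pin) < 3:
        return False
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    return steps == {1} or steps == {9}


def is_repeated_block(pin):
    """True when the PIN is one short block repeated, e.g. 7777 or 121212."""
    for size in range(1, len(pin) // 2 + 1):
        if len(pin) % size == 0 and pin == pin[:size] * (len(pin) // size):
            return True
    return False


def audit_pin(extension, pin):
    """Return the list of policy findings for one mailbox (empty means pass)."""
    if not pin.isdigit():
        return ["non-numeric PIN"]
    findings = []
    if len(pin) < MIN_LENGTH:
        findings.append("too short")
    if pin in FACTORY_DEFAULTS:
        findings.append("factory default")
    # The extension number, forwards or reversed, is the first thing a caller tries.
    if extension and (extension in pin or extension[::-1] in pin):
        findings.append("contains extension number")
    if is_sequence(pin):
        findings.append("sequential digits")
    if is_repeated_block(pin):
        findings.append("repeated block")
    return findings


def audit_mailboxes(mailboxes):
    """Map each failing extension to its findings."""
    report = {}
    for extension, pin in mailboxes:
        findings = audit_pin(extension, pin)
        if findings:
            report[extension] = findings
    return report


if __name__ == "__main__":
    for ext, findings in audit_mailboxes(SAMPLE_MAILBOXES).items():
        print(ext, ", ".join(findings))
```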
Authorities in several countries have helped bust an international phone hacking ring that cracked into thousands of corporate phone networks in the U.S. and elsewhere in order to route calls through the networks at the expense of the hacked companies.
Three foreign nationals were indicted in the U.S., according to a document unsealed on Friday, for allegedly hacking into the phone systems, while five Pakistani nationals were arrested in Italy for allegedly financing the scheme and selling access to the hacked networks to other call centers and using the hacked networks to route their own customer calls.
The ring had been operating for more than four years and had hacked into phone systems belonging to more than 2,500 corporations in the United States, Canada, Australia and Europe. According to the U.S. Attorney’s office in New Jersey, which is handling the U.S. case, the ring sold 12 million minutes worth of time on the company networks, valued at more than $55 million in charges.
Some of the profits earned from the scheme allegedly helped finance the activities of Islamic fundamentalist groups in Pakistan and Afghanistan, according to reports from Italian authorities. And some calls routed illegally through the hacked networks were made to the Middle East and other regions involved in political unrest, suggesting that the hacked networks might have been used by terrorist organizations to thwart eavesdropping and tracking by intelligence agencies.
The three foreign nationals indicted in the U.S. are Mahmoud Nusier, 40, Paul Michael Kwan, 27, and Nancy Gomez, 24. All three were arrested in March 2007 in the Philippines, along with four other suspects. The three were indicted in New Jersey, following a years-long FBI investigation into the hacking ring’s activities.
Nusier, a Jordanian national, and Kwan and Gomez, both Philippine nationals, were indicted on several counts, including conspiracy to commit wire fraud, unauthorized access to computer systems and possession of unauthorized access devices. A spokesman for the U.S. attorney’s office in New Jersey would not say whether the U.S. had initiated extradition proceedings. The announcement of their indictment coincided with the arrests of the Pakistanis in Italy.
According to the indictment, at least two of the Pakistanis owned and operated call center operations in Italy and recruited Nusier, Kwan, Gomez and others to hack into corporate phone networks in the U.S. and elsewhere so the call centers could use the pilfered networks to route their own customers’ phone calls. The hackers received about $100 per hacked phone network.
The hackers used brute force attacks in some cases to crack into corporate PBX systems through unused extensions; in other cases they were able to infiltrate systems that were using default passwords. They’d then program a new password for the extension to control access. When the hackers were raided in the Philippines, investigators uncovered dozens of notebooks filled with telephone numbers and access codes to hacked PBX systems.
U.S. authorities wouldn’t discuss the terrorism-related allegations. But according to Italian news reports, Mohammad Zamir, 40, the manager of a phone center in Brescia, Italy, who is suspected of financing the hacking, allegedly sent more than half a million dollars to an Islamic charity run by a brother-in-law of Osama bin Laden. The brother-in-law was suspected of funding Muslim extremists in Southeast Asia.
What steps would you take to protect your business from a burglar coming in after office hours and stealing £40,000?
I suspect that you would make sure that all the doors have very good locks. You would install a burglar alarm and maybe even have CCTV surveillance.
That should protect your business. Wrong! The burglar did not break into your office; they broke into your internal phone exchange (PBX). Unseen by human or electronic eyes, thousands of pounds are being spent on international telephone calls and your business will pay the bill.
How Does Phone Hacking Work?
Dial through fraud is not a new problem; it just has limited publicity. It exploits a PBX feature that allows employees to ring in to the switchboard and, by keying certain dialling codes, make national and international calls for which the company will pay the bill.
Many businesses will take an “It will never happen to me” approach to dial through fraud, even though most business PBXs are set up to be maintained remotely. This is to allow engineers from a maintenance company to make changes to the configuration without needing to make a site visit, but it exposes the PBX. The administration port on the PBX will be connected to a modem that in turn is connected to an extension on the PBX.
Using trial and error, hackers will identify the number that this modem is on. The default passwords like “admin”, “0000” or “1234” will be tried first. Even if the password has been changed, there are plenty of free utilities on the Internet that will use brute force to try every number and letter combination until the right password is found. It has been known for 16 character passcodes to be cracked in this way.
Once the hacker has gained administrative access to your PBX, they will identify unused extension numbers and set them up to allow dial through using the company PSTN lines. For the cost of a local phone call, the hacker can be making calls to the Middle East, Far East, Africa, Australasia, etc. Some of these calls could be costing the business up to £3 a minute.
To compound the problem, the hacker will usually set up a disguised PBX that routes its calls through the company PBX. The hacker will then operate a “Call Sell”; selling international calls to customers at cheap rates. Alternatively they could make calls to their own premium rate revenue share services. It is possible that during the 15 hours when your office is closed, up to 10 simultaneous calls could be occurring. And that is just for one day! The problem is likely to go unnoticed and unresolved until the phone bill arrives at the end of the month.
It Will Never Happen To Me
A recent report in the Guardian highlighted the plight of one UK company that suffered from a fraud attack. The company had secured its PBX with a 16 character password but it was still compromised. The discovery of the fraud was by pure chance when the MD of the company came into the office early one day to find the lights on the telephone switchboard lit up like a Christmas tree, even though he was the only one in the office.
The report showed that recovering the losses was not easy. Although the company’s Telco admitted that the calls were fraudulent, it was not their responsibility to secure the customer’s equipment from attack. Therefore the customer was liable for any calls made through the PBX. It was also discovered that the company’s insurance policy had a standard clause exempting it from any “electronic losses”.
There is also another example that uses VoIP to route calls into the country, where they are relayed onto the mobile phone network. Calls into the victim’s PBX originate from a mobile number and are forwarded to international destinations by the PBX.
A Matter For The Police
Surely if a fraud has been perpetrated, then the police should investigate the matter? This is true. The Regulation of Investigatory Powers Act 2000 (Ripa) gives police the power to request “intercept data” from the Telco that would identify the origin of the inbound calls into the PBX. Under the act, a Telco is allowed to charge up to £1,500 to cover their costs of retrieving the data asked for by the police. This means that in every case, the police must decide whether the financial losses involved in the fraud justify the cost of the “intercept data”. For big losses, the answer is likely to be yes every time. However, in small cases involving just a few hundred or few thousand pounds, the answer may not be so clear cut.
How Can It Be Prevented
The most obvious way is not to allow remote access to the administration facilities of the PBX. However this may not be practical and could lead to increased charges from the maintenance company. The second method is to use a very random password on the PBX, up to the maximum number of characters and to lock the modem so that it will only answer calls from a single phone number. This solution is very inflexible and after a while could be turned off if it becomes impractical.
A more comprehensive method is to invest in a Tracker solution from Data Track. This can provide three key benefits:
• The Tracker can use secure access modems.
• By acting as an intermediary, the Tracker can offer different levels of access depending on the username and password given.
• The Tracker can proactively monitor the PBX looking for the first signs of fraudulent activity.
Tracker Secure Access Modems
The solution is hardware based; one modem is connected to the PBX, while one or more modems are deployed in the field. The modems use an encrypted secret key and a unique ID to provide a challenge/response to incoming calls. Consequently, only a modem with a matching encrypted secret key, using an ID that is allowed by the PBX modem, will be able to connect.
This provides a more flexible alternative to calling from a single phone number. The modem is self-contained and does not require any special software. It is unlikely that a random hacker using a standard modem will be able to breach this initial barrier.
Acting As An Intermediary
The Tracker solution is a gateway between the PBX and the user. It is capable of logging all login attempts. It can be configured to send out an alert (as an email for example) when it detects multiple login failures. This behaviour would occur if a hacker was using a brute force attack to try and discover the password.
Different combinations of usernames and passwords can be given different levels of access to the PBX. Users can be restricted to performing only certain actions from a limited menu choice. This prevents the hacker from gaining full unrestricted access to all of the administration functionality.
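The login-failure alert described in this section can be expressed as a sliding-window rule over the gateway's login log. The code below is an added example, not Data Track's implementation; the log line format, the threshold of five failures in ten minutes and the sample entries are assumptions constructed for illustration.

```python
"""Alert on repeated login failures against a PBX administration account."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # assumed policy
THRESHOLD = 5                    # failures inside WINDOW that trigger an alert

# Assumed log format: "<ISO timestamp> LOGIN <OK|FAIL> user=<name> caller=<number>"
LINE_RE = re.compile(r"^(\S+) LOGIN (OK|FAIL) user=(\S+) caller=(\S+)$")

# Constructed sample log; all users and caller numbers are invented.
SAMPLE_LOG = """\
2011-03-15T02:10:05 LOGIN FAIL user=admin caller=01615550107
2011-03-15T02:10:40 LOGIN FAIL user=admin caller=01615550107
2011-03-15T02:11:15 LOGIN FAIL user=admin caller=01615550107
2011-03-15T02:11:50 LOGIN FAIL user=admin caller=01615550107
2011-03-15T02:12:25 LOGIN FAIL user=admin caller=01615550107
2011-03-15T02:13:00 LOGIN FAIL user=admin caller=01615550107
2011-03-15T02:13:35 LOGIN OK user=admin caller=01615550107
2011-03-15T09:02:10 LOGIN FAIL user=engineer caller=01615550102
2011-03-15T09:02:45 LOGIN OK user=engineer caller=01615550102
this line is garbled and must be skipped
"""


def parse_line(line):
    """Return (timestamp, result, user, caller) or None for unparseable lines."""
    match = LINE_RE.match(line.strip())
    if not match:
        return None
    ts, result, user, caller = match.groups()
    return datetime.fromisoformat(ts), result, user, caller


def detect(lines, threshold=THRESHOLD, window=WINDOW):
    """Return alerts as (kind, user, caller, iso_timestamp) tuples."""
    # Keyed on the account under attack, because caller ID can be withheld.
    failures = defaultdict(deque)
    alerted = set()
    alerts = []
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue
        ts, result, user, caller = event
        recent = failures[user]
        while recent and ts - recent[0] > window:
            recent.popleft()               # forget failures older than the window
        if len(recent) < threshold:
            alerted.discard(user)          # burst has aged out: re-arm the alert
        if result == "FAIL":
            recent.append(ts)
            if len(recent) >= threshold and user not in alerted:
                alerted.add(user)
                alerts.append(("BRUTE_FORCE", user, caller, ts.isoformat()))
        else:
            # A success straight after a burst is the event to escalate first.
            if user in alerted:
                alerts.append(("SUCCESS_AFTER_FAILURES", user, caller, ts.isoformat()))
            recent.clear()
            alerted.discard(user)
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```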
Proactively Monitoring For Dial Through Fraud
The Tracker solution can proactively monitor the call output from the PBX. It can be set to look for suspicious call activity. In the case of the company featured in the Guardian article, this would use a “ruleset” to look for any call that occurred outside of office hours. When suspicious activity is detected, the Tracker would send out an alert containing the details. This allows an appropriate response to be taken, reducing the potential losses caused by the fraud.
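The out-of-hours ruleset described above can be sketched over a call log as follows. This is an added example, not the Tracker product's own ruleset; the CSV column layout, the 08:00-18:00 weekday office hours, the "00" international prefix, the concurrency threshold and the sample records are assumptions constructed for illustration.

```python
"""Flag outbound calls made outside office hours in a PBX call log."""
import csv
import io
from datetime import datetime, time, timedelta

# Assumed site policy: staffed 08:00-18:00, Monday to Friday.
OFFICE_OPEN, OFFICE_CLOSE = time(8, 0), time(18, 0)
WORKDAYS = {0, 1, 2, 3, 4}
INTERNATIONAL_PREFIX = "00"      # UK-style international access code
MAX_AFTER_HOURS_CONCURRENT = 2   # assumed alert threshold

# Constructed call records; the column layout and all numbers are invented.
SAMPLE_CDR = """\
start,duration_s,extension,dialled
2011-03-14 10:15:00,180,201,01615550100
2011-03-14 17:59:00,600,202,0099955500100
2011-03-15 02:10:00,3600,299,0099955500101
2011-03-15 02:11:00,3500,299,0099955500102
2011-03-15 02:12:30,3400,298,0099955500103
2011-03-12 11:00:00,120,201,01615550100
"""


def load_calls(text):
    """Parse the CSV into dicts with start/end datetimes."""
    calls = []
    for row in csv.DictReader(io.StringIO(text)):
        start = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
        calls.append({
            "start": start,
            "end": start + timedelta(seconds=int(row["duration_s"])),
            "extension": row["extension"],
            "dialled": row["dialled"],
        })
    return calls


def in_office_hours(ts):
    return ts.weekday() in WORKDAYS and OFFICE_OPEN <= ts.time() < OFFICE_CLOSE


def peak_concurrency(calls):
    """Largest number of calls in progress at the same moment."""
    events = []
    for call in calls:
        events.append((call["start"], 1))
        events.append((call["end"], -1))
    active = peak = 0
    for _, delta in sorted(events):   # at equal times, hang-ups sort first
        active += delta
        peak = max(peak, active)
    return peak


def review(text):
    """Summarise after-hours activity and decide whether to raise an alert."""
    after_hours = [c for c in load_calls(text) if not in_office_hours(c["start"])]
    international = [c for c in after_hours
                     if c["dialled"].startswith(INTERNATIONAL_PREFIX)]
    peak = peak_concurrency(after_hours)
    return {
        "after_hours": len(after_hours),
        "international": len(international),
        "extensions": sorted({c["extension"] for c in after_hours}),
        "peak_concurrent": peak,
        "alert": bool(international) or peak > MAX_AFTER_HOURS_CONCURRENT,
    }


if __name__ == "__main__":
    print(review(SAMPLE_CDR))
```

Run against each day's log rather than waiting for the monthly bill, a rule like this surfaces the simultaneous overnight calls described earlier within hours.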
Dial through fraud can very quickly and silently cause thousands of pounds worth of losses to a business. The standard security precautions in place to prevent it are weak, especially compared to those used on IT networks. Trying to recover any loss is as difficult as detecting the fraud in the first instance. A Tracker solution from Data Track not only adds extra security to your PBX but a means of detecting losses before they progress too far.
Prevention is better than cure
So what practical measures can telecom or IT managers take to help prevent being another victim of crime?
One of the most effective approaches to improving the security of telephony systems includes conducting regular audits of:
• Station privileges and restrictions
• Voice and data calling patterns
• Public and private network routing access
• Automatic route selection
• Software defined networks
• Private switched and tandem networks
• System management and maintenance capabilities
• Auto attendant and voicemail
• Direct inward system access (DISA)
• Call centre services (ACD)
• Station message detail reporting
• Adjunct system privileges
• Remote maintenance protection
• Primary cable terminations and physical security of the site and equipment rooms
Other measures include reviewing the configuration of your PBX in the light of known hacker techniques and comparing configuration details against best practice and any regulatory requirements that may pertain to your industry sector.
Ensure default voicemail and maintenance passwords are changed and introduce a policy to prevent easily guessable passwords being used.
Make sure that the policy demands regular password changes and take steps to ensure the policy is enforced.
Installing a call logging solution, to provide notification of suspicious activity on your PBX, is a useful measure and one that can often afford valuable early warning of an attack. Review existing PBX control functions that might be at risk or which could allow errors to occur, too.
Be aware that many voice systems now have an IP address and are therefore connected to your data network – assess what provisions you have to segment both networks. Security exposures can also result from the way multiple PBX platforms are connected across a corporate network or from interconnectivity with existing applications.
Research and investigate operating system weaknesses – including analytical findings, manufacturer recommendations, prioritisation and mitigation or closure needs – and implement a regular schedule of reviewing server service packs, patches, hot-fixes and anti-virus software.
Finally, formalise and instigate a regular testing plan that includes prioritisation of the elements and components to be assessed and supplement this by conducting a series of probing exercises to confirm the effectiveness of the security controls used.
Recognising that the expertise to achieve this level of security on a voice network can be advanced in nature, Siemens and Siemens have drawn on their combined expertise in information security and telephony solutions to introduce a new portfolio of voice security services that provide a comprehensive approach to mitigating the threats described.
The services include security audits, vulnerability assessments, incident response, forensic investigation as well as telecom policy review and development and will be available for voice equipment from Avaya, Cisco, Ericsson, Nortel, Mitel, Siemens and others.
For those of us around in the mid-1970s, the idea of a telephone switchboard may be forever tainted by the Saturday Night Live skit where Lily Tomlin, as a switchboard operator, randomly disconnects calls and infamously declares, “We don’t care, we don’t have to…we’re the phone company.”
Thankfully, the last 30 years have brought switchboards into the electronic age, and through PBX technology, many businesses no longer rely on telephone companies (or their operators) to complete many of their internal calls. Instead, today, many companies use internal telephone switchboards, known as IP PBX systems, a development on Private Branch eXchange (PBX) which now incorporates both IP technology and VoIP networks.
PBX started out as internal company switchboards that required operators to manually direct calls from one person to the next. By the 1980s, manual switchboards had largely been done away with, replaced by automated switchboards, which worked in the same fashion, but did not require an operator to manually route the call.
Today, PBX technology is taking on a whole new realm, the Internet world. Instead of routing calls through old circuits, modern PBX solutions use the Internet protocol to exchange information. The integration of the IP interface has greatly expanded the functionality of PBX systems. Instead of being restricted to the office, users are now able to work from virtually every corner of the globe, and still experience the full variety of their network’s PBX features.
This article serves as the first step to maximising your company’s productivity with PBX. These 20 tips and tricks will help PBX beginners optimise their business phone setup as well as make users familiar with some PBX functionalities they might have overlooked or under-utilised.
STANDARD PBX FEATURES
Are you getting the most out of your PBX system? Almost 100 percent of modern PBX systems come with the features mentioned in the following section. Surprisingly, however, many PBX system owners are not even aware they exist, let alone know how to best use these very basic features.
1. Automated Attendant
Perhaps the most critical feature to any PBX system is the automated attendant. The automated attendant serves as a virtual receptionist directing calls to the different departments, voice mailboxes and extensions on your PBX network. A well programmed automated attendant gives your business the power to manage a high volume of calls without a high volume of personnel dedicated to answering phones.
When designing your automated attendant system, keep in mind users do not want to go through 2 minutes worth of call directing menus only to have a 15 second conversation with customer service, or even worse be connected to a voicemail. Try to avoid redundancy and direct the caller as quickly as possible. In addition, conduct surveys of usability with strangers, not just internal employees, in order to get an accurate picture of diverse user experiences.
2. Call Forwarding
Every efficient PBX system MUST be able to automatically forward calls to various destinations within the PBX network. If a user can’t get to his or her phone, the system should forward calls to their co-worker, supervisor, voice mailbox or any other destination based upon the most efficient solution for your company. Too often, companies fail to consider other call forwarding options beyond voicemail, and thus, lose company efficiency, employee and consumer satisfaction, and may ultimately lose business as a result.
PBX systems that lack the capacity to forward calls to the correct destination in a timely manner can cripple a company’s incoming communications. So make sure to compare forwarding capabilities before purchasing a PBX system.
3. Call Accounting
If you’re serious about keeping a tab on your company’s telephone usage, a call accounting system is a must for you. Call accounting software records various call information including “calling party, date, time, duration, destination party and authorisation or account code.”
With accurate call accounting records, you can accurately bill customers for support calls, gauge which employees are spending too much time on the phone, determine if any section in your automated attendant is creating a bottleneck and compare your records to the PBX server or telecommunications company for any payment discrepancies.
4. Conference Calling
Conference calling is one of the more powerful features of PBX. Instead of exchanging a series of emails with your co-workers to debate an important topic, conference calling gives you the ability to communicate with a large number of people in real time over the phone. You’ve already made the investment in a PBX system, so if your employees don’t know how to setup their own conference calls, you are just wasting a valuable resource, your staff’s time.
The seamless transition from user to voicemail is a vital component of every PBX system. When the PBX system is busy (or no one is at the office), voicemail takes over logging calls and messages from both clients and co-workers.
Sometimes you’ll be extremely tied up at the office, or will be fielding a lengthy important phone call and just can’t get to any other customers. Instead of losing that customer’s business, or having a receptionist take a message and forget to give it to you, voicemail allows that customer to record a message that you can check at a later time from any remote location. When setting up your system, however, it is important to consider whether the same voicemail message is appropriate for every caller. Would it serve your company better for customers and co-workers to receive different voicemail messages? If so, have you set up your PBX to make that happen?
6. Call Holding
We’ve all been placed on hold at one time or another, only to be sitting in silence or have our call dropped after more than 20 minutes of idle time. This can be one of the most frustrating aspects when dealing with other businesses. Thankfully, almost every modern PBX system provides the company with the ability to play music, advertisements and estimated wait times to its customers while they’re on hold. When configuring your call holding, have both internal and external callers test the system to make sure that the user experience is as customer friendly and reassuring as possible when callers are placed on hold.
In addition to reassuring callers with music or real-time queue updates, a fully functional PBX call hold system places users on hold in a priority queue and distributes calls accordingly without dropping them or losing customers due to excessive wait times. Consider whether your company would benefit from implementing priority criteria for wait times from particular callers. For example, if your biggest clients call in, you may want to bump them ahead of smaller clients. These questions require a difficult balance, but if you aren’t asking them at all, you aren’t using your PBX optimally.
What good is a PBX system if you cannot customize it to your company’s profile and customer needs? You should be able to configure call attendant menus, scheduled events, on-hold messaging, etc. When a customer calls your company they should be greeted with a unique welcome message, not a preprogrammed generic PBX one. An important first step is to make a list of all the potential callers; include categories of co-workers and customers. Then create relative priorities between these callers and create a list of the particular needs of each caller. Only once you have this master map of callers, should you begin to configure your PBX system, ensuring that your setup will be compatible with all callers, not just those that come to mind during the setup process.
All of these customisations play an important role in making the customer feel significant, and provide more information about your company to the customer. In addition, they serve an important role in the productivity of your company. Streamlining the internal call process can shave seconds off each call, and with thousands of calls made per employee per year, those seconds translate into very significant productivity gains.
ADVANCED PBX FEATURES
Now that you know what your default PBX system is able to do, it is time to explore the extent of PBX’s versatility. In this section we will cover more advanced PBX features which when properly integrated will provide your company with the capability to track user locations, transfer voicemail messages to email accounts and accept VoIP calls.
One of the more popular advanced PBX features takes on the “unified messaging” role, bringing together all of your telecommunications devices into a single convenient system.
“PBX can bring together your cell phones, analog phones, VoIP phones, email, voicemail, IM, chat, video calling and more.”
The technology works by linking all of your office devices together, and messages you on the appropriate device based upon your availability. The PBX system might try your cell phone first, your office phone next, the conference room, or maybe all 3 at the same time, depending on your settings. Whatever the case, the PBX system knows how to get a hold of you, and you should use that capability to your company’s advantage.
If your employees are on the road and need their cell phones to act like their office phone, your PBX can do it. PBX consolidation gives you the freedom to work wherever you see fit and still receive all the unique telephony features PBX has to offer including line extensions, conference calling, call forwarding, etc. If your company isn’t currently incorporating consolidation technology into the PBX system, it is losing significant time and money by having “out of office” equal “out of touch” when it comes to your employees.
9. Personnel Locator
After consolidating all of your PBX features into one unique system, you are on the way to having a fully-functional mobile workforce. But what happens when you need to know exactly where one of your employees is? Not to worry, PBX systems can keep track of where your employees last interacted with the system, data which will allow you to pinpoint their exact location.
Some PBX systems are going as far as incorporating GPS and RFID technology into their locating software. By doing this, your PBX system would know not to try your office phone when you’re away from the desk, or would know to cut straight to voice mail when you’re at home.
10. Email Integration
Modern PBX systems have the ability to merge with email clients (such as Microsoft Outlook) and retrieve contact information on the various customers you’re on the phone with. Once a call is received, the name and phone number of the customer is automatically matched with existing records in your email contact database and their complete customer profile is brought up on the screen. From there you can get a more thorough idea of who you’re dealing with and will know how to better serve their needs.
PBX telephony also boasts the capability to transfer company employees’ voicemail messages to their company email account. The messages are sent in easy to access audio files and allow employees to store and manage all of their voice mailbox contents.
11. Total “Business Intelligence” Integration
If you’ve successfully integrated email into your PBX system why not take it a step further and integrate your entire business intelligence operation? PBX systems have the ability to communicate with your computer and the customer databases you keep on that computer. To merge the databases and PBX, simply take the call information from your customer, probe the database and presto — you now have all of that customer’s contact information, previous interactions, purchase history, etc.
Properly incorporating business intelligence and your PBX will allow for more streamlined and targeted customer relations, as employees will immediately know background information about the customer, that customer’s history with the company, past issues they have had and whether they have been flagged as a particularly important or problematic client.
One of the ways you can take advantage of this technology is by analysing your customer’s purchasing records and determining what they’ll need next as the call takes place. At the same time the call is taking place, you can email the customer quotes about your latest products that are related to previous orders he or she has placed, as well as go over these new products during that same call. Thus, the integration of “real time” accessible business intelligence data will allow you not only to better serve your clients, but it will also allow you to predict which products they might be interested in and use the call as an opportunity to pitch those new products.
12. Call Routing
Advanced PBX functionality allows for calls to be routed based upon certain criteria including caller importance, length of wait, time of day, day of week, etc.
For example, if the president of your company is calling for sales statistics it’s probably not a good idea to have him wait in the standard customer queue. Likewise, if someone is calling after certain departments are closed it’s probably better to patch them through to the operator rather than have them traverse 2 minutes worth of menus to find out the bad news.
Just as with call holding, caller mapping is the key to an efficient call routing scheme. Unless you know all the variants of calls that your company receives, you cannot begin to create a PBX routing system that will properly treat all of those callers.
13. Analog vs. IP Phones
To provide the greatest range of flexibility, modern PBX systems are able to direct calls through both analog and IP based phones. Both types of calls have their cost and service advantages. Consequently, it is important to set up your PBX so that calls which are more cost-efficient through VoIP (many long-distance calls) are routed through it, while calls that would benefit from the quality of analog are directed through those lines. It is rare to find companies that over-utilize VoIP calling. As a starting point, begin by examining your analog calling for inefficiencies, rather than the other way around.
14. IP Multimedia Subsystem (IMS)
To take your PBX system to the next level you should make sure it has the technology to provide IMS functionality. IMS allows users to send and receive multiple types of media across a network rather than just hearing voice on a standard PBX system, or reading text on a SMS system. For instance, you could video conference or give an extensive presentation in real time.
15. Virtual PBX Systems
For smaller companies who want many of the capabilities of IP PBX but who do not want to incur the costs associated with hosting their own server, virtual PBX has you covered. To gain access to the majority of the standard PBX features (and some of the advanced ones) try using a PBX system hosted on a third party’s network. Although your privacy won’t be the same and some of the more interesting advanced features will only come in limited form, you can save thousands of pounds / dollars in expenses.
COMPLETE PBX SYSTEMS
If you’re on the market for a PBX solution, one of the hardest but most important decisions you can make is in deciding between different products.
NORTH West professionals have emerged as victims of phone hacking as the fallout from the scandal gathers pace.
The media team at Manchester law firm Pannone said lawyers and other professionals who were advising clients involved in the media are finding themselves victims of phone hacking.
The team is currently acting for two individuals who are involved in litigation as a result of hacking allegations.
It is through these cases that the team has gained a detailed insight into the alleged hacking, and it considers that many individuals may be unaware that they may have had their phone hacked.
Paul Jonson, head of dispute resolution at Pannone, said one partner at a North West firm acting for a high profile religious figure who was considering suing the News of the World for libel was recently told by police officers involved in Operation Weeting that his mobile phone had been hacked.
The partner’s name and mobile phone number as well as that of this client were found in a notebook belonging to a journalist employed by the News of the World.
Melanie McGuirk, a partner in the media and IP team, said: “Phone hacking is not just restricted to celebrities, sports stars and those in the public eye. It now seems that professional advisers to high profile individuals have themselves become victims.
“Although a lot of the hacking took place back in 2006, many of the victims are only now being contacted by the police. Those who are being informed that they may have had their phone hacked need to seek urgent legal advice because of time limits on bringing privacy claims.
“Unusually, there is no settled limitation period with regard to privacy claims. Arguably the relevant time periods, in which to bring a claim, are one, three and six years. Therefore people who think they may have been the victims of hacking need to seek advice sooner rather than later.”
The phone hacking scandal hit the headlines in the summer and led to News International closing down the News of the World, ending its 186-year history.
The Government has set up an inquiry into the press and its relationships with the police and politicians, which is being chaired by Sir Brian Leveson. There are also a number of separate police investigations taking place into alleged hacking.
Phone hacking is both an invasion of privacy and a breach of Article 8 of the European Convention on Human Rights.
In a number of cases that have been heard by the English courts and the European Court of Human Rights, judges have repeatedly upheld a right to privacy for both celebrities and the “man in the street”. The law is still developing in this area.
Not only does phone hacking give rise to a civil liability for damages, but it is also a serious criminal offence. Section 1 of the Regulation of Investigatory Powers Act 2000 makes it an offence for a person intentionally and without authority to intercept at any place in the UK any communication in the course of transmission by means of a public or private telecommunications system, such as a mobile phone network.
Phreaking is a multi-billion dollar international fraud by organised crime with links to terrorists — Al Qaeda and the Mumbai bombers — and you’ll be an unwitting accomplice in this fraud.
Phreakers perpetrate this crime by operating their own telcos and when they strike they’ll use your PABX in their network of phreaked PABXs to carry their illegal phone traffic — and you’ll have to pay for it.
Phreakers could be “grooming” your PABX right now in preparation for them commissioning it into service whenever they need it to route their illegal call traffic through it — and you won’t even know it.
Phone fraud is FIVE times bigger than credit card fraud globally.
The UK is one of the world’s Top 5 countries targeted by phreakers.
Your PABX is one of the most vital assets of your business — and without installed security, its most vulnerable.
If your PABX is attacked, your phone bill could be 10-100 times higher than normal — and often even more than this — but you won’t know until your phone bill arrives.
The resident security in your PABX and voicemail, including all your passwords, can be breached by phreakers in milliseconds.
Once phreakers have access to your PABX, they automatically avoid all your network and internet security and immediately have backdoor access to your PC and data networks.
Your telco carrier and/or your airtime provider will expect you to pay the bill phreakers make via your PABX which at the very worst and if it’s high enough, could bankrupt your business.
Passwords, alerts and regular audits of your PABX will not protect you on any level from phreakers.
Most phreaking attacks occur after hours, at the weekend or at holiday times when detection is least likely.
If conventional weapons are used against phreakers, you’ll lose significant functionality of your PABX because the only way to contain them will be to shut down ALL outbound calling access and your voicemail — but this will still not prevent your PABX’s passwords from being breached.
A voice firewall is recommended to protect most common phone systems against hacking; however, this type of equipment costs money, and therefore you must work this into your disaster recovery budget or business continuity plan.
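The after-hours pattern and the bill spike described above can be looked for in the PABX's call detail records (CDRs) before the bill arrives. The following is an added example, not part of the original page: the CSV column names, the `00` international prefix, the 08:00 to 18:00 weekday business hours and the sample records are all assumptions, and public holidays are not modelled.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample CDR export. Column names are assumptions; real PABX
# exports differ by vendor. Numbers use the unassigned country code 999.
SAMPLE_CDR = """start,extension,dialled,seconds,cost
2010-11-05 10:15:00,201,095550101,120,0.40
2010-11-05 14:02:00,202,00999555001,300,1.10
2010-11-06 02:11:00,299,00999555010,3400,61.20
2010-11-06 02:14:00,299,00999555011,3550,63.90
2010-11-06 03:40:00,299,00999555012,3600,64.80
2010-11-08 09:30:00,201,095550102,240,0.90
"""

INTL_PREFIX = "00"              # assumed international access code
OPEN_HOUR, CLOSE_HOUR = 8, 18   # assumed business hours, Monday to Friday
SPIKE_FACTOR = 10               # lower bound of the 10-100x range quoted above


def is_after_hours(ts):
    """True on weekends or outside the assumed business hours."""
    return ts.weekday() >= 5 or not (OPEN_HOUR <= ts.hour < CLOSE_HOUR)


def analyse(cdr_text):
    """Flag after-hours international calls and days with a cost spike."""
    flagged_calls = []
    daily_cost = defaultdict(float)
    for row in csv.DictReader(io.StringIO(cdr_text)):
        ts = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
        daily_cost[ts.date().isoformat()] += float(row["cost"])
        if row["dialled"].startswith(INTL_PREFIX) and is_after_hours(ts):
            flagged_calls.append((row["start"], row["extension"], row["dialled"]))
    if not daily_cost:
        return {"after_hours_international": [], "spike_days": []}
    # Median daily spend is the baseline, so one fraud day cannot inflate it.
    baseline = median(daily_cost.values())
    spike_days = sorted(day for day, cost in daily_cost.items()
                        if baseline > 0 and cost >= SPIKE_FACTOR * baseline)
    return {"after_hours_international": flagged_calls, "spike_days": spike_days}


if __name__ == "__main__":
    report = analyse(SAMPLE_CDR)
    for call in report["after_hours_international"]:
        print("after-hours international call:", *call)
    print("cost spike days:", report["spike_days"])
```

Run against a daily CDR export, the same two checks give a warning within a day rather than at the end of the billing cycle.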