
Oculeus anti-fraud offering protects against telecom system abuse

When most enterprise companies worry about having their systems hacked by attackers, the main concern is for the enterprise networks. Few companies consider that their phone systems may be vulnerable to hacking resulting in costly toll fraud. Nevertheless, the practice of hacking into corporate PBX systems and injecting fraudulent calls over the network is causing billions of dollars in damage worldwide every year.

Enterprise companies use modern PBX (private branch exchange) systems to run their communications. A PBX switches calls between enterprise users on local lines while allowing all users to share a certain number of external phone lines. Modern PBX systems work on the Session Initiation Protocol (SIP), which is a signaling protocol used for initiating, maintaining, and terminating real-time sessions that include voice, video, and messaging applications.

SIP runs over the internet rather than over traditional telecommunication lines. That creates a vulnerability: anybody who has the access credentials can get into these communications. All an attacker needs to hack a PBX is a login ID and password, and then it's possible to start a fraudulent voice communication via a telco operator.

This is a common occurrence. A fraudster logs into a device on the PBX and is then able to inject other people's calls into the enterprise's phone system. The fraudster resells this calling capacity to people or companies who want to place calls to high-cost destinations, often in Africa and other faraway places. The telecommunications service connects these unauthorized calls to their destinations because, to the phone company, they look like legitimate calls.

Who gets stuck with the bill for the calls? The enterprise, of course.

Once the billing period is over, the enterprise receives an invoice for the telecommunications services provided during that period. Only then may the enterprise discover the fraudulent use of its phone lines. The thieves can easily rack up tens of thousands of dollars' worth of calls without anyone knowing until it's too late.
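The gap described above, between the calls being placed and the invoice arriving, can be narrowed by watching call detail records (CDRs) as they are written. The following is an added example, not code from the article or from Oculeus: it totals each extension's estimated spend over a sliding window and alerts when a ceiling is crossed. The rate table, prefixes, window, limit and sample records are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed per-minute rates; a real deployment would load the carrier's rate deck.
RATES = {"+9991": 2.50, "+9992": 1.80}  # hypothetical high-cost prefixes
DEFAULT_RATE = 0.02
WINDOW = timedelta(hours=1)  # assumed look-back window
LIMIT = 50.0                 # assumed spend ceiling per extension per window

def rate_for(number):
    # Longest-prefix match against the rate table.
    best = max((p for p in RATES if number.startswith(p)), key=len, default=None)
    return RATES[best] if best else DEFAULT_RATE

def detect(cdrs):
    """Return (timestamp, extension, window_spend) the first time an
    extension's estimated spend inside WINDOW exceeds LIMIT."""
    recent = defaultdict(deque)  # extension -> (start time, cost) inside the window
    spend = defaultdict(float)
    alerted, alerts = set(), []
    for ts, ext, dialed, secs in sorted(cdrs):
        when = datetime.fromisoformat(ts)
        cost = rate_for(dialed) * secs / 60
        q = recent[ext]
        q.append((when, cost))
        spend[ext] += cost
        # Drop calls that have aged out of the window.
        while q and when - q[0][0] > WINDOW:
            spend[ext] -= q.popleft()[1]
        if spend[ext] > LIMIT and ext not in alerted:
            alerted.add(ext)
            alerts.append((ts, ext, round(spend[ext], 2)))
    return alerts

# Constructed sample CDRs: (start time, extension, dialed number, duration in seconds)
SAMPLE = [
    ("2024-03-02T02:00:00", "1042", "+99911234567", 600),
    ("2024-03-02T02:05:00", "1042", "+99917654321", 600),
    ("2024-03-02T02:10:00", "1042", "+99911112222", 600),
    ("2024-03-02T09:15:00", "1007", "+15551230000", 900),
    ("2024-03-02T09:40:00", "1007", "+99921234567", 300),
]

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print("ALERT", alert)
```

On the sample data, extension 1042 trips the limit on its third overnight call, while extension 1007's single short call to a high-cost prefix does not.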