Sjur Usken

Views on new technologies and business opportunities from Sjur Usken

Another VoIP hacking in Norway


The latest month of scanning has seemed valuable for the hackers. A Norwegian municipality has been hacked and their PBX has been calling Somalia and a lot of others destinations we have picked up on our VoIP honeypots during the last month.

If you have an unsecure IP PBX on the net, now it will only take hours before it will be detected. Most normal cause for this is misconfiguration. The people setting up the IP PBX has not taken security seriously and the IP PBX is wide open for calling.

The simplest ways is that inbound calls is routed out again if no local destination is found.  A little harder is to just brute-force the password on extensions. I can only say, there will be more like this!

Norwegian version

English version

The hacker can sell this “gateway” to a third party dealing with calling cards. I have investigated frauds in Norway where they managed to send 1,2 million NOK (approx 200 000 USD) within 10 days. This was a Cisco installation, but misconfigured Asterisk installations are also abused a lot.

3 responses to “Another VoIP hacking in Norway

  1. ajinder singh May 1, 2011 at 1:33 pm

    i am making a legal case against these people to charge them in Palestine for the voip hacking as they called number in somlia via palestine

    o ripe.admin@paltel.net,
    abuse@ripe.net
    date Sun, May 1, 2011 at 9:22 AM
    subject abuse by IP 188.161.223.126 this guy robbed $200,000 from us
    mailed-by gmail.com
    Important mainly because it was sent directly to you.
    hide details 9:22 AM (8 minutes ago)
    Dear Ripe Abuse

    One company in and our selves and possibly many more were hacked and robbed million of Dollars via IPs from Palestine Telecom Authority,

    I was hacked from 188.161.223.126 and same people have hacked in Norway $200000 dollars

    https://sjurusken.wordpress.com/2010/07/28/another-voip-hacking-in-norway

    We are asking for name of Company or Individual that did this hack

    pls give us the information so we can lay the charges on these people

    thanks

  2. ajinder singh May 4, 2011 at 11:15 am

    this ip – ” 62.103.159.134 ” first made a test call via our cisco 5350xm to UK number

    then on friday calls came in for Somalia PBX ASTERISK in 3 hours we were under $5200 USD

    all calls were traced to palestine as the orginating ip and some one from reach.ps email below said he will talk to his boss as its a IP under their system
    ripe.admin@paltel.net,
    abuse@ripe.net
    omar.abdelrahman@reach.ps

    here is our letter to palestine authority:

    One company in and our selves and possibly many more were hacked and robbed million of Dollars via IPs from Palestine Telecom Authority,

    I was hacked from 188.161.223.126 and same people have hacked in Norway $200000 dollars

    https://sjurusken.wordpress.com/2010/07/28/another-voip-hacking-in-norway

    We are asking for name of Company or Individual that did this hack

    pls give us the information so we can lay the charges on these people

    thanks

    number for palestine to somalia calls are below,

    0112522160411
    0112522168113
    0112522160411
    0112522160411
    01125270500484

  3. Pingback: somalia fraud via palestine | VoIP Fraud List – VoIP Hackers List

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: