Hi guys, if you are in New Zealand you might want to read this.
Currently there is a big hacking attempt going on where unscrupulous people are hacking into Asterisk-based systems and then dialing numbers up to 3 different countries.
Ok, all going well you have locked your systems down and this won't be an issue, but here is what we have experienced and it's prob. worth checking it out just in case.
The numbers being dialed start with either 0025, 0026 or 004.
The latter is a bit of a pain as that covers parts of Europe, but 0025 and 0026 are Ethiopia and Zimbabwe.
We found out about this for a client who uses our software which interfaces with Asterisk. They had just upgraded to Windows 7 and there were a few issues we needed to help sort out. One of the issues was related to a COM port, as our software can use a COM port to get CDR data.
I noticed this call for $40+ and thought, hmm. I did a bit more digging and found 647 calls to 0025 and 0026 !!! This BTW was in a period of 5 days too.
Most of the calls were around the 20 min mark. The customer could not understand why their lines were all tied up. Just to mention, we didn't put in their phone system but we know our way around TB well enough to help etc.
We turned on the call recording, and these numbers were calling what seemed like a lottery place. The more minutes they spend on the call the more chances to enter the draw sort of thing.
Anyway, the guy who looks after the phone system finally locked it down and the damage to the client was $10k in calls !!! They were told by their phone provider that someone else had been taken for over $100K !!!
I got a bit worried myself and took a look at my system since I have the ports open for when I am away so I can use my PABX to make calls etc. Fortunately, whilst I had in fact that very day been hit 6 times, I had closed the outgoing ports on my router…PHEW!!! Now the incoming are blocked too !!
We also got contacted by yet another client who uses our software to see if we could build in an alerting system to our software as they had also been hit. However this time, their Telco who is Telecom actually RANG them and told them and blocked toll calls until it's sorted…and…waived the charges. 10 points to Telecom, 0 points to the other telco provider starting with “T” who waited till the customer rang them and then they told the customer they have known about it for 31 days…hmmmm.
So, long story short, if you're in NZ, check your CDR logs to make sure you're not getting hit. This whole process is automated too. They use all but one line when they are doing it, and when you listen to the messages, you can hear an automated voice reading out a code at the beginning.
So I hope this helps people !!
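
One way to run the CDR check suggested above, as an added example that is not part of the original post. It assumes Asterisk's cdr_csv `Master.csv` column order; the function name `scan_cdr` and the sample rows are made up for illustration.

```python
import csv
from collections import defaultdict

# Prefixes named in the post (00 international access code + leading digits).
SUSPECT_PREFIXES = ("0025", "0026", "004")

# Assumed column order of Asterisk's cdr_csv Master.csv (first 16 fields).
FIELDS = ["accountcode", "src", "dst", "dcontext", "clid", "channel",
          "dstchannel", "lastapp", "lastdata", "start", "answer", "end",
          "duration", "billsec", "disposition", "amaflags"]

def scan_cdr(lines, prefixes=SUSPECT_PREFIXES):
    """Summarise attempts, answered calls and billed seconds per suspect prefix."""
    hits = defaultdict(lambda: {"attempts": 0, "answered": 0,
                                "billsec": 0, "sources": set()})
    for row in csv.reader(lines):
        if len(row) < len(FIELDS):      # skip blank or truncated rows
            continue
        rec = dict(zip(FIELDS, row))
        # Keep digits only so separators in the dialled string do not hide a match.
        dst = "".join(ch for ch in rec["dst"] if ch.isdigit())
        prefix = next((p for p in prefixes if dst.startswith(p)), None)
        if prefix is None:
            continue
        hit = hits[prefix]
        hit["attempts"] += 1
        hit["sources"].add(rec["src"])
        # Only answered calls are billed; failed attempts still show you are a target.
        if rec["disposition"] == "ANSWERED":
            hit["answered"] += 1
            hit["billsec"] += int(rec["billsec"] or 0)
    return dict(hits)

# Constructed sample rows (not real CDR data); all numbers are made up.
SAMPLE_CDR = [
    '"","201","0025155500001","from-internal","201","SIP/201-01","SIP/trunk-02","Dial","SIP/trunk/0025155500001","2011-03-01 02:10:00","2011-03-01 02:10:05","2011-03-01 02:30:05",1205,1200,"ANSWERED","DOCUMENTATION"',
    '"","201","0026355500002","from-internal","201","SIP/201-03","SIP/trunk-04","Dial","SIP/trunk/0026355500002","2011-03-01 02:11:00","2011-03-01 02:11:04","2011-03-01 02:30:04",1144,1140,"ANSWERED","DOCUMENTATION"',
    '"","202","0044155500003","from-internal","202","SIP/202-05","SIP/trunk-06","Dial","SIP/trunk/0044155500003","2011-03-01 02:12:00","","2011-03-01 02:12:30",30,0,"NO ANSWER","DOCUMENTATION"',
    '"","203","093005550","from-internal","203","SIP/203-07","SIP/trunk-08","Dial","SIP/trunk/093005550","2011-03-01 09:00:00","2011-03-01 09:00:03","2011-03-01 09:01:03",63,60,"ANSWERED","DOCUMENTATION"',
    '"","201","0025155500004","from-internal","201","SIP/201-09","SIP/trunk-10","Dial","SIP/trunk/0025155500004","2011-03-01 02:31:00","2011-03-01 02:31:05","2011-03-01 02:52:05",1265,1260,"ANSWERED","DOCUMENTATION"',
]

if __name__ == "__main__":
    for prefix, hit in sorted(scan_cdr(SAMPLE_CDR).items()):
        print(prefix, hit["attempts"], "attempts,", hit["answered"], "answered,",
              round(hit["billsec"] / 60), "min, from", sorted(hit["sources"]))
```

To scan a real system, pass an open file handle for your own `Master.csv` to `scan_cdr` instead of the sample list. If your dialplan adds an outside-line digit before the number, strip it first.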