At our firm we use VOIP.MS for our outbound telephone service and for most of our inbound telephone service. VOIP.MS is one of several companies these days that make it easy to dump the traditional landline telephone services and make use of voice over IP. As I have discussed in previous blog articles, it is astonishing how much money one can save and it is astonishing what powerful features can be implemented in one’s telephone system, using voice over IP. There are a bunch of reasons why we felt good about having selected VOIP.MS for most of our voice over IP services.
But today’s blog article talks about a new and different reason why we feel good about having selected VOIP.MS. They noticed that someone in the Gaza Strip had snuck into our PBX and had placed several telephone calls to mobile phones in Albania. They proactively shut off the international calling on the trunk that had been passing these calls, and they dropped an email to us letting us know. This was at 9AM on a Sunday.
I will describe in some detail exactly what happened.
Our PBX is set up so that people can have telephones at remote locations. (We call such a phone “a bat phone” as in “tomorrow I will be working from home and you can reach me on the bat phone”.) Such a phone connects to our office by means of a user ID and a password.
When we received this email from VOIP.MS we checked our CDR (call detail report). Yes, it was exactly as they said. About ten calls had been dialed within the past hour, all to a couple of cell phones (Vodafone numbers) in Albania. Only two calls actually went through. (The total cost to us was about forty cents.)
We then looked to see which telephone extension had been used to dial those calls. It was a “spare” extension number that normally was not in use. Someone had somehow randomly guessed (maybe through a brute-force attack) the password for that extension number. This person then placed the calls to Albania. What we could see was the person’s IP address. We were then able to look up the IP address and we were able to see that the IP address is in the city of Khan Yunis in the Gaza Strip.
Sometimes when things like this happen, the caller is in cahoots with the owner of the telephone number being dialed. There are some situations where the owner of the telephone number being dialed actually receives some money for each call that is received. (The usual way that this happens is with some telephone numbers in the Caribbean that look superficially like ordinary North American telephone numbers but are instead very expensive telephone numbers to call.)
But in this case I’d guess this is not what was going on. The destination telephone numbers were not particularly expensive telephone numbers to call. And anyway most of the calls did not even go through.
We immediately changed the password for the telephone extension. And we immediately did something which we ought to have done a long time ago, which was to turn on a feature on our PBX that cuts off an IP address of a telephone extension that is trying to connect to our PBX, for some period of time, after some number of failed attempts to connect.
When that was done, we logged in at VOIP.MS and turned international calling back on for the trunk that was involved in these calls.
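The lockout feature described above can be pictured as a per-IP failure counter with a time window and a ban period. The sketch below is an added example, not the PBX's own code or configuration: the thresholds, the event format, the extension numbers and the documentation-range IP addresses are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Assumed policy values; a real PBX exposes its own settings for these.
MAX_FAILURES = 5     # failed registrations tolerated per source IP...
WINDOW = 60          # ...within this many seconds
BAN_SECONDS = 3600   # how long the source IP is then cut off


def replay(events, max_failures=MAX_FAILURES, window=WINDOW, ban=BAN_SECONDS):
    """Replay (ts, src_ip, extension, password_ok) registration attempts.

    Returns (bans, accepted): bans is a list of (ip, start, end) and
    accepted is the list of (ts, ip, extension) registrations let through.
    """
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    banned_until = {}               # ip -> time the ban expires
    bans, accepted = [], []
    for ts, ip, ext, ok in sorted(events):
        if banned_until.get(ip, 0) > ts:
            continue                # dropped before the password is checked
        if ok:
            failures.pop(ip, None)  # a good login clears the counter
            accepted.append((ts, ip, ext))
            continue
        recent = failures[ip]
        recent.append(ts)
        while recent[0] <= ts - window:   # forget failures outside the window
            recent.popleft()
        if len(recent) >= max_failures:
            banned_until[ip] = ts + ban
            bans.append((ip, ts, ts + ban))
            recent.clear()
    return bans, accepted


# Constructed sample data: one source guessing passwords for a spare
# extension every two seconds (the 8th guess is correct), and one remote
# phone whose user mistypes twice before registering.
GUESSER, BAT_PHONE = "203.0.113.50", "198.51.100.7"
EVENTS = [(1000 + 2 * i, GUESSER, "199", i == 7) for i in range(8)]
EVENTS += [(1020, BAT_PHONE, "101", False), (1025, BAT_PHONE, "101", False),
           (1030, BAT_PHONE, "101", True)]

if __name__ == "__main__":
    print("with lockout:   ", replay(EVENTS))
    print("without lockout:", replay(EVENTS, max_failures=10**9))
```

A source that paces its guesses below the threshold per window is never banned by this logic, so the lockout complements strong extension passwords rather than replacing them.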
One very interesting aspect of most VOIP service providers is that most of them work by having the customer pay in advance and the service stops if the advance gets used up. In this way, if a problem such as a hijacked PBX were to go unnoticed for a long time, the financial consequence is limited to the dollar amount of the advance.
But in this case the financial consequence of the hijacked PBX was a loss of about forty cents. All because of the delightful diligence of the VOIP.MS company.