the mathematics behind hacking telephone systems
DESCRIPTION
The Mathematics Behind Hacking Telephone SystemsTRANSCRIPT
The Mathematics Behind Hacking Telephone Systems
Introduction In today's business environment, security is of vital importance. This importance extends to voice networks just as much as data and the risks of a security breach are growing daily. In this document we detail some of the reasons behind the increasing popularity of Toll Fraud. The main reason for the increase in Toll Fraud instances is simply because, from the hacker’s perspective, his is a low risk high profit crime. Low risk because you, the target, probably will not notice, for quite some time, that you have been attacked. Low risk because, when you do notice the attack, you will not know what to do about it. Low risk because when you do report it your PTO (Public Telecom Operator) probably will not know what to do about it. Low risk because your telephone system maintainer probably will not know what to do about it. Low risk because the hacker has daisy chained several hacked systems together making it virtually impossible to find out where he started from. High profit, because you can generate THOUSANDS of pounds per system per day. And there is one final reason; It is generally very easy to do…………………
Voicemail and Automated Response Systems Many modern telephone systems offer both build in Voicemail and Automated Response Systems Voicemail, so that when you are away from your desk you don’t miss your messages and Automated Response to tell your customers that you are closed when you have gone home. Both of these are normally protected by a PIN number. Generally, this will be a four digit PIN which is more than sufficient because; 1/. That’s what the telephone system has 2/. It’s good enough for your credit cards Well, there is a quote from a hacker that goes along the lines of; “I don’t care how much money, time and effort you put into the best security system in the world – It’s only as good as the first one of your idiot that uses 1 2 3 4 as a password!” From this, we can deduce that some PIN numbers are not as good as the others; 1 2 3 4 4 3 2 1 1 1 1 1 2 2 2 2 3 3 3 3 4 4 4 4 1 9 3 7 (The four corners of a keypad) 2 5 8 0 (The line down the middle of a keypad) 1 9 0 0 to 2 0 1 0 (Possible Birthdays and Anniversaries) 1 0 6 6 (Historically significant dates) The default system password (Can be found on the internet)
Have you seen your password yet????
Cracking PIN Numbers So, how long does it take you to enter your PIN number? I would suggest 5 seconds or less. Now lets explore some mathematics……………….. If you have a four digit password the maximum number of permutations is 9999. If it takes 5 seconds to enter one permutation, the amount of time taken to enter them all would be;
9999 X 5 Seconds = 49995 Seconds
833.25 Hours
34 Days So, you can now sleep easily in you bed, because you change your password every month and your password would be the last one that was ever tried. But, wait a minute, how many voicemail ports does your telephone system have? Maybe 4 that means that we can now run four simultaneous attacks, so that quarters the time;
(9999 X 5 Seconds)/4 = 12498 Seconds
208.31 Hours
8.6 Days Still pretty safe, unfortunately though you bought a nice modern system with 20 port voicemail and now what we are looking at is;
(9999 X 5 Seconds)/20 = 2499 Seconds
25 Minutes
Still sleeping soundly in your bed……………. Still, even if someone does get into your voicemail, how bad can it be??????
Theoretical Voicemail Hack On Friday your business closes at 17:00
At 17:01 a hacker breaches your system and starts to generates outgoing telephone calls
Each of these calls is to a premium rated telephone number.
You discover the hack at 09:01 on Monday morning (as you return to work).
The duration of this hack is 3,840 minutes,
Therefore;
£ 1.00 (p3 UK premium rate) per minute premium rate = £ 3,840
£ 1.25 (p33 UK premium rate) per minute premium rate = £ 4,800
£ 1.50 (p0 UK premium rate) per minute premium rate = £ 5,760
However, you have twenty port voicemail generating twenty calls; the actual figures could be;
£ 1.00 per minute premium rate = £ 76,800
£ 1.25 per minute premium rate = £ 96,000
£ 1.50 per minute premium rate = £ 115,200
And if you are lucky enough to have bought 30 port voicemail;
£ 1.00 per minute premium rate = £ 115,200
£ 1.25 per minute premium rate = £ 144,000
£ 1.50 per minute premium rate = £ 172,800 It’s a good job that’s only theoretical…………
Real World Examples PBX toll fraud is a $12 billion a year industry, Canada alone accounts for about $30 million while the United States counts for about $ 4 Billion. 1 (UK Figures not available). Scotland Yard over 18 Months 6 £ 1,000,000 Duxbury Library 2 $ 15,000 Homeland Security 9 $ 12,000 Legrand Software in one night 8 $ 1,800 Hub Computer Solutions 7 $ 50,000 Irish Department of Social Welfare over one weekend 3 € 300,000 Perpetual Trustees (Australia) over two months 5 $ 600,000 Perpetual Trustees (Australia) on one day 5 $ 80,000 Plastic Plumbing (Australia) over three months 5 $ 50,000 Three Filipino residents 4 $ 55,000,000 UK becomes a global top 5 communication fraud hotspot Source
1. Bell Communications 2. The Boston Globe 3. Silicon Republic 4. Washington Post 5. Risk Management Magazine 6. Comms Dealer Volume 10 Issue 8 August 2005 7. Wired 8. ZDNet 9. CBS News
What should you do next? Simply contact either your system maintainer or a specialist PBX security company and enquire about a telephone system vulnerability analysis. And don’t expect this to be a one off fix. Software upgrades, new bugs and programming changes mean that this is a service which will need to be repeated at least annually to be of any value.