PHONE-MASTER PANASONIC SUPPORT: VOICEMAIL HACKERS

Back to Phone-Master Support page / PANASONIC or to home-page Phone-Master

Philippines Hack

The Telecommunications Industry is experiencing a series of PBX hacks involving millions of calls and thousands of dollars.

WHAT IS HAPPENING? The voice mail/PBX system is hacked by entering using system default passwords. Hackers program the system to dial a number (or numbers) in the Philippines whenever a message is left in a mailbox or all mailboxes. Hackers even create new mailboxes and can program one box to dial another, looping endlessly. Originally, call durations were less than 1 minute and all terminated to Manila, Philippines, country code 63, city code 2. Recently, longer calls have been recorded to the Philippines and other international destinations, implying that hackers are sharing access information with others interested in making free phone calls.

Customers may notice the switchboard shows some lines busy all the time or employees may complain about not being able to get into the voice mail. This is because as messages are left, outbound calls are being made, over and over again!

WHY? Originally, it was believed this was a way of generating settlement charges. After some investigation with Philippines law enforcement, it is now believed this fraudulent activity may be a gang related retaliation method. For others, the motivation is the amusement of infecting a PBX with a virus. As the hack continues to spread, the motivation may change to selling access for profit.

Our staff at PanasonicHelp.com have seen several Panasonic systems hacked. The hacker can either get in through the administrative mailboxes (998 and 999) or individual user mailboxes.

If they get in the 999 box, they set up as many virtual mailboxes as you have ports, program them for continuous telephone notification and leave a message. The mailbox then continuously attempts to call the user in the Philippines. The end result is hundreds of calls can be placed every day resulting in a substantial long distance bill to you.

If they get into a user box, they just do the same thing with the same result. If they only find one box without a password, they can only tie up one line. The more unprotected mailboxes they can find, the more lines they can have dialing out.

What Can you Do?

1. Make sure administrative boxes 998 and 999 have passwords.

2. Make sure all individual mailboxes are password protected.

3. Phones in areas such as a staff kitchen, conference room etc. should not have a mailbox assigned to them. If they do, password protect them.

4. This is the most important step you can do. Have the voice mail jacks on your phone system restricted from 0 plus or 1 plus dialing. Then program exception codes if you need for telephone/beeper notification. If this step is done, no calls will be made either international or long distance, even if the voice mail gets hacked.