What Is It?
VoIP cyber-crime happens when a criminal gains remote access to your PBX or telephone account to make fraudulent calls. Calls are usually made to expensive overseas destinations that you would not normally ring yourself, such as Antarctica or North Korea. Using computers to generate the calls, criminals can make hundreds of calls a minute, costing thousands of dollars an hour. (www.zdnet.com.au/wa-police-chase-70k-voip-fraud-spree-339313074.htm) Buroserv was presented with a compelling reason to review service partners when our wholesale partner announced a withdrawal from the market.
We took the opportunity to seek a replacement that would help us take advantage of new market opportunities, and to look at new network options built around speed unencumbered by legacy considerations and complexity.
The criminals responsible are highly organised and use sophisticated techniques to hack vulnerable systems and crack passwords. This type of crime is very profitable and results in the criminals receiving a ‘kickback’ from the recipients of the calls.
Unfortunately, because the criminals are almost always based overseas, it is difficult for law enforcement agencies to bring successful prosecutions.
How to Protect Against It
Prevention
The best way to protect against VoIP cyber-crime is to stop hackers gaining access to your PBX or telephone account in the first place. To do this you should:
Disable remote access to your PBX
Use strong passwords that include upper and lower case, numbers and special characters. If your password is on the list of 500 worst passwords you need to change it! (www.whatsmypass.com/the-top-500-worst-passwords-of-all-time)
Change passwords regularly
Use a unique password for each account – don’t re-use passwords
Don’t email passwords or store them on a computer in clear text
Minimisation
If your system is compromised, it is important to limit the hacker’s scope for making fraudulent calls. Ways of doing this are:
Restrict calling to only the destinations you need to access. If you don’t need to make international calls, block them. If you don’t need to ring South America, block it. This can be done by removing destinations from your tariffs in Porta.
Use credit limits on accounts in our PBX. Once an account’s credit limit is reached, the account is automatically blocked so the hacker can’t make any more fraudulent calls.
Buroserv Cyber Security
Buroserv has implemented a number of measures designed to prevent and minimise VoIP cyber-crime. These work best in conjunction with the practices described above.
Restricted and Blocked Destinations
By default, we restrict customers’ (and hackers’) ability to make international calls by limiting them to countries that are relatively free of cyber-crime. These include most commonly called countries such as New Zealand, Singapore and USA.
Some customers of course have a legitimate need to call a wider range of overseas destinations. These customers can opt out of our Restricted Destinations program. However we will still block calls to very high risk destinations such as North Korea.
Fraud Alerts
Buroserv uses real-time traffic monitoring to identify fraudulent call patterns 24 hours a day. We employ sophisticated reporting tools to determine whether the number of calls to any particular destination is outside the norm. If fraud is detected, an alarm is generated and one of our security specialists will investigate and take appropriate corrective action such as blocking accounts or destinations. We respond to alarms 24 hours a day, 7 days a week because most criminals deliberately launch attacks outside of normal business hours to try to reduce the chance of being detected.
Suspicious Activity
As well as responding to fraudulent calls, Buroserv monitors for suspicious activity. This includes:
Active monitoring for high levels of unsuccessful password attempts to prevent ‘brute force’ attempts to crack account passwords.
Monitoring of unsuccessful fraud attempts. Multiple call attempts to destinations on our blocked and restricted destinations are an indication that an account has been compromised.
Customer Reporting
If we detect that one of our customer’s accounts has been compromised, we will immediately bar international calling to prevent any further fraudulent calls. We also contact the affected customer and provide a report of both successful and unsuccessful call attempts.
Ongoing Activities
Evidence from other carriers suggests that the incidence of VoIP cyber-crime is increasing and that the methods employed are becoming more sophisticated. For example fraud attempts used to be directed mostly to single countries, whereas now it is more common to see criminals target multiple destinations to try to find telephone numbers that are not blocked.
Buroserv continuously reviews all successful and unsuccessful fraud attempts to enable us to improve our fraud detection and prevention algorithms to ensure that our customers continue to receive the highest level of protection.
