one of our customer was hacked on his voice interfact 1 year ago. Environment is a CM6.1 and a 3K router with E1 interface as gateway.
The hacker did use a leak with unassigned called number. The customer had some destination number (he did not give us a complete list of all called DID number). So when the acking compagny did call those number he could send #0000 just behind the called number and he get an outgoing call free of charge. As this compagny did use them for long distance call, the customer was charged with more the 30K$ in 4 days (was on a E1 on all channel during a weekend + some day).
To avoid this, we did configure a default translation where all non tanslated number has as destination (the centrale office phone). So even if there is an wrong incomming number, he will arrive on a phone and do not receive an outgoing line.
No log entries in CM, the call did never ritch the CM, he did the turn directly in his router. It was the provider who calles to indicate a very large volume and cost on this line.
Now, in August, the same customer has outgoing calls during 1 week that he never could do. The calls are in the middle of the night where nobody is on site. The amount in 5 day is only 600$ but a leak must be there to do this. Nothing says that one day a explosion of those calls will not happen. The provider has verified the outgoing logs on his systems and the call are realy comming from this E1 interface (no error just on billing but real call). He do not have any incomming stats and in the CM has no log entry about thos calls (like before, it must be probably a turn-way in the router). The router where rebooted a few days before we did receive the probleme from customer as we did add a new interface in the router. Anyway, as the trouble was 2 week earlier, the logs would not stay in the log... Destination where middle-east, US and this customer never call this destination (thats why hi did see it).
Any idea or experience with such a probleme?
Any idea about how they can do this?
Any idea who to prevent any turn in to the router?