Security Alert: Scammers are holding your phones hostage for ransom

I recently read an article in the Chicago Tribune that was actually reprinted from the  LA Times (,0,5710787.story). It described a nightmare similar to what some of our clients have gone through at different times over the past year.

Here is the scenario: all of a sudden (literally) all of their phone lines are taken over by a caller who is posing as a debt collection agency trying to collect on a delinquent account for an “employee”. In none of the cases was the named employee a current employee of my clients. All of the phone lines (in some cases they were SIP trunks, in other cases plain ordinary telephone lines and in two cases they were PRI running over a T1’s for a total of 46 channels) were taken over so that no calls could be received or made. The caller wanted to collect $500 or more dollars immediately. The business could pay- and then they would release the lines. In other cases, IP sets were “spoofed” and the hackers made hundreds of dollars in fraudlent calls that were billed to clients.

Can you imagine how frustrating that is? My clients were enraged. The local police were called – and were not able to do anything about the situation. The FBI Cyber Crimes unit was called – but they could do nothing about it. In each of the cases, other legitimate business numbers were faked (a.k.a “spoofed”) as the calling party.

In each of the cases,  we had to involve the carrier. Out of all of the carriers, SNET reacted the fastest. CBeyond was the most responsive with follow up. With SNET  in about 5 minutes, the nuisance calls were blocked and service was restored. In the other cases, the denial of service took over for a couple of hours. Denial of service attacks ( when hackers install programs on unprotected computers and overwhelm targeted servers) are common in the IP world. It’s a type of attack that is getting more common in the voice world as more companies adopt IP telephony (such as SIP trunks and converged circuits).

There are a few ways to protect yourself.

  1. First and foremost, either install your own Session Border Controller or make sure that your provider has an enterprise level session border controller installed on your circuits.
  2. Make sure that you know how to escalate your case through your carrier.
  3. Ensure that you have their emergency numbers on your cell phone and that you know your account information.
  4. Make sure that you have multiple authorized representatives on the account who can open and escalate trouble tickets.
  5. Know your vendors!  Emergency phone numbers, contact names and emails.
  6. If you are running your own IP equipment, make sure that it is in Stealth DMZ,  behind a firewall, that default passwords were changed and no one (even the most VIP) uses easy passwords.

In addition, the only way that this will be acted on is through involving law enforcement. The FBI Cyber Crimes unit should be notified and the incident should be reported. Helping them will give them necessary information in catching culprits. If you are an IT professional, join INFRAGARD which is a strategic partnership between the Bureau and IT professionals.