June 11th, 2003, 11:00 AM
Data Network compromised through phone network
Phone phreaking is well known from dacades, but the introduction of data services had increased related threats. Especially with the increase of IP telephony.
Gateway & Gatekeeper could stand for an open door to internet hackers.
(I'm wondering if IP telephony will really populate most cie as CISCO thinks)
[QUOTE]Full article here: Newer phone networks often are linked to internal corporate data networks, making them enticing targets for hackers, said Lisa Pierce, a research fellow for the Giga Information Group, a subsidiary of Forrester Research.
Hackers compromising PBX systems that run voice data services can use them as entryways into computer systems. From there they can steal corporate information, eavesdrop on conversations and create havoc on the system because no one knows where the attacks are coming from, she said.
"[When] you have internal data and voice lines on the same network, it's basically a welcome sign for hackers," Pierce added. "The implications can get frightening pretty quickly."
Unsecured corporate phone systems can leave open other back doors to a company's network. Kevin Mitnick, who spent five years in jail for hacking into telephone companies and stealing secret code from software industry titans, broke into software maker Novell Corp.'s network in a similar way.
[shadow] SHARING KNOWLEDGE[/shadow]
June 13th, 2003, 04:10 PM
IT's an interesting thought to think about. But exactly how many hackers out there do this sort of thing? It sounds like bad news, but it's not something that I've really heard going across CNN about how hackers have totally screwed up this and that due to using this back door. But it does kind of make you wonder the next time you make a private call from work.
[shadow]There is no right and wrong, only fun and boring...
Formatting my server because someone hacked into it sounds pretty boring to me...
That\'s why it\'s all about AntiOnline.com![/shadow]
June 13th, 2003, 04:15 PM
Actually this is very relavent. We audited our PBX system and indeed found that a similar technique would work to gain entry. We have since worked with the vendor to resolve the issue.
but it's not something that I've really heard going across CNN about how hackers have totally screwed up this and that due to using this back door.
If the news hits CNN or the like, you can be sure that it's old news. They are the last ones to report computer info and by then you could've been compromised.
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
June 13th, 2003, 04:40 PM
Networker: As Hoss says this isn't exactly new. I read about the potential some time ago, (though my old brain can't remember where), and when we had our new phone system put in I grilled them long and hard on the security implications. In our case there is no real link between the call accounting system and the PBX. The PBX can only be accessed from a dial-up connection that only allows the call to go to a single pre-determined location from a single remote phone number. The PBX itself reports to the call accounting system that can be accessed from the internal network but the incoming maintenance dial-up is physically separated from the call accounting portion of the hardware - at least - that's what they assured me. Needless to say I have no way of ascertaining that but if I get hacked that way I'm prepared to lawsuit their asses out of the state!!!!
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides