Guy hacks company's phone system to....?

Hello everyone! I really appreciate all the informaiton you all have give me while I have been posting and reading other forum subjects here. So just wanted to say thanks in advance.

However... I have another problem and I need you're help. Honestly I didn't know where to put my question(s)/problem(s) so I decided to just post in general chat. Since I'm new to all this pleas try and bare with me while I try to explain what is going on, and feel free to ask any questions/statements I might have missed. Okay enough babble now on to my problem.... :)

Here's the real deal....

The company I work for (going to college) I just normally take customer service calls. Well anyhow I guess this started about 2 months ago, this arabic sounding man would call and say...
"Transfer me to the IT department". Now we all found this odd for the simple fact that IT is closed when we work (I work the 7pm-3am shift). We would ask him where it was located and he would say New York, NY. Well our main IT office is located in Dallas. We new this was odd. We tried to get a caller ID number off him however none was listed. So days went on and many people got the same phone calls some people tranfered him to the number he wanted. The orginal thought is that the man was doing this to get free long distance. However just a few nights ago some customer service reps decided to keep him on the line and try to see where he was calling from. They just told the man to hold on a second and they would transfer him. They went to another line in a manager's office and looked at the caller ID. Nothing! However they did find some interesting information. It turns out when the put the phone on speaker phone to l"listen" into the man while we was suppose to be on hold. The customer service agent told me that he would get into people's voicemails and just enter in passwords. So I figured maybed he's hacking voicemail boxes to transfer data or something. It turns out our "head of security" guy in Dallas (our corporate office) sent out an e-mail not to transfer the man and there actviely investigating it. So they claim at least. The security guy is just that. A security guard. He knows nothing about the computer aspect, let alone our IT department is small and it's a total joke. I don't know that much about security yet I know some flaws that I have already found.

So I guess in that long drawn out story, I have questions to ask.

- What is this guy doing?
- Is there a way to find out how the call stats?
- Where it orginates from?

So I figured he was hacking the phone system or a theory was he was transfering data over multiple phone lines to "jump" to each line to eventually get to an end point.

We have 4 call centers in the U.S. (only ones we got) I don't know if any other calls centers have gotten this. I belive they have but it mainly happens late at night when the phone lines are slower.

I don't know much more information then that. I just figured someone here would know what to do or a way to "find" him. Anyhow thanks in advance you all are the best!


- Jxfuryice

"Love me or hate me, but spare me you're indifference." - Himmler

No one's called the FBI? (I believe there may be certain phone laws that he could be breaking and asking the FBI to get involved might help you better).

I suppose, if you're system is digital, that it could be used to send data around but I would think it would be more likely, if he's trying to compromise voicemail, that he's either doing "industrial espionage" (trying to find trade secrets) or trying to find unused voicemail boxes so that messages can be saved/storage for others to hear/call into.

To find out where it originates would probably mean a call to your phone provider and/or your voicemail box provider.

I have to admit being a bit neophyte for this area so these are "educated" guesses I'm making. I'm also moving this to Misc Security. Seems a little more appropriate there.

Thanks for the gusses at least :)

Well honestly I was thinking about going to talk to the FBI or someone. However I figured my superiors would just work on it. "Not my problem" type of attitude. However since I Have in interest in security. I figured I might be able to help.

You think I should go tell the FBI anyhow? By the way we do have digital lines. My roommates idea was that he was transfering data between each one to "cover his steps".

Again I don't know what to do, but thanks for the early reply... keep them coming!


-Jxfuryice

"Love me or hate me but, spare me you're indifference." -Himmler

As MsMittens noted, talk to your phonecompany and see what they can do. Even if Caller ID didn't work, you may have more succes with Call Trace.

Thanks again for the reply. However I'm not a IT guy, I'm not a supervisor. I'm just a customer service agent that receives the calls. I can't call the phone company on my company. I mean I would figure the "Chief of Security" would. I don't know if they have. My job is to just help customers calling in. However, I feel that I can help. I know a little about computers and like I said previously. I want to help. I want to help catch this guy.

Anyhow thanks again for the reply...... Keep them coming!



-Jxfuryice

"Love me or hate me but, spare me you're indifference." -Himmler

You might consider an anonymous hint dropped to the FBI/DHS about the situation, in case your superiors aren't interested in that avenue. Please be aware this might get you in hot water with your employer if they don't want to bring the Fed's in, thus my 'anonymous' suggestion.

Also, you probably shouldn't officially contact them either, without your employers consent. It's good that you've thought this was an unusual situation and explored it further, but acting without their consent can cause you some serious grief. The term is 'vicarious liability'.

Yes I thought about that. That's why I thought that avenue wouldn't be that good of an idea. However the "anon" suggestion really isn't anon. I have to describe where it's happening how it's happening and there going to want to interview people. Not to mention I went to the FBI's website, under "drop a hint" or something like that. It even confesses to the fact you may not remain anon.

It's the patriot act now :) So that's easier said then done. However what I'm mainly looking for is some way to track him so I can send an e-mail to my chief of security down in Dallas, Texas. That way he can get real time data. Furthermore that works out better b/c I would still be doing my job and if he is already talking with a law enforcement agency I'm not stepping on any toes just providing better intelligence on the operation that this person is doing.

I appreciate the reply. However I think I wrote my post poorly and I'm more or less looking of a way I can track or find out what he IS trying to do at least. It's peaked my curiousity. Somone surely knows of what he could be doing. I have been trying to research someone similar on the web, however ot no avail!

Thanks again though!

-Jxfuryice

"Love me or hate me, but spare me you're indifference." -Himmler

Being a customer service rep, I take it you spend a lot of time ont he phone, read the book "The Art of Decpeption" by Kevin Mitnick. If you get anything good out of it perhaps you could reccommend to your supervisor different strategies you can put into place to avoid strabge situations such as above.

The book gives tons of examples of social engineering and could be of a lot of benefit to someone such as yourself, since most of the attacks are targeted at people with positions such as yourself.

That's a good idea. Actually believe or not. I read that book once like when I was 12 or 13 somethign like that. I don't remember a thing but that's a great idea. I don't know if that will teach me how to trace it but we'll see.

Another problem here is that my supervisor is my best friend (since 8th grade we are also in the USAFR together.) Anytime I try to explain security he's like I know.. I know. I'm like (pardon here) LOOK BRO you don't freaking know, that's why I'm telling you. He's just real prideful. They are concerned with sales/customer service issues. Granted I would be to since thats our business. But I figure this could be affecting our business and I have said it once I'll say it again. This situation inrigues me. Plus I have talked to this guy on the phone and something just doesn't fit right with this guy. I can't get any answers from anyone there all just like, dont' worry about it.

I dunno I knew you guys would have good advice so that's why I posted this topic. I'll defintely have to try to dig up that book again or, just go to barnes 'n' noble, and buy another copy!

Thanks again!

-Jxfuryice


"Love me or hate me, but spare me you're indiffernce." -Himmler

Sorry, should have clarified when I mentioned anonymous. I don't mean go through their official channels. I mean true anonymity, as much as you can receive it today with the Internet.

Open a freemail account some place where it is hard to get cooperation tracing source IP's. Send them an email with all details you have. Play dumb when the interviews start.

What you're doing then is giving them some clues on what they should look into, without making yourself a 'source' of information. It's hard to subpeona "john doe" and expect him to show up to testify.

Oh I hear ya. Sounds like a plan, I might look into that. I'm going to see if I can pry into the IT guys when I get back to work after some much needed vacation and see what they gotta say about it. I just got done reading some articles and one was about digital phreaking. I think this is what this guy is doing.

Not quite for sure but it sounds like his M.O.

However... could he be transferring data? Who knows... although again if anyone has more to add feel free. I'll update again if I ever find out anything more about the "mystical phone phreak guy thing bobber." heh

Thanks again!


-Jxfuryice

"Love me or hate me, but spare me you're indifference." -Himmler

Interesting!
First off - do you know for certain that this gent being transferred to IT is doing anything your company believes criminal? I don't think you have established that..

However for the fun of it....

I can think of several things this gent is trying to do...
Hack the voicemail to listen to private messages, enter DTMF tones during transfer to attempt getting an outside line to make additional calls, or maybe an internal arrangement with someone to do the same without all the hacking. (the voicemail - depending on it's intelligence - may be able to be programmed to allow access to outside lines).
Anybody hear of a feature called voicemail callback? Someone leaves you a voicemail and it will call you to alert you of the voicemail left. With minor mod's it could just be made to make a call not a callback. Some voicemail systems today can be programmed for voicemail to email notification. Similar notification but via email - not callback. What would you do with this? Either way the key to tracing this out starts with the "IT" telephone number and account you're transferring him to - you would need to look at the programming on the switch and voicemail system. Maybe the vulnerability (if he is exploiting a vulnerability) doesn't exist in your system but in the carrier provided connection between Dallas and NYC? If asked your phone company can identify the caller relatively easily (at least the calling country and number) and take steps to block them.
Again, Interesting....

Hey thanks for the reply....

Yes we know it's illegal. Chief of security has notfied us. He claims he's calling from the "new york city" IT center. What's funny is we don't have a IT center there. It has been offcially stated through e-mail through our work that he is dong something illegal. We don't understand exactly what he is after or why. But we know it's not a good thing.

Do you know of anyway to trace his call? Or even to figure out where he is orginating?

See a few of us think that he get in some other company, then goes to ours, then goes to another etc... but he checks voicemails etc... I have read similar things with the phreaking aspect of it all. Might be a possible motive. However what is to gain from that? Also yet again the question remains how do you "catch him" find out his orgin.

GREAT REPLY! Thanks really answered some questions I had.

Thanks again!

-Jxfuryice

"Love me or hate me but, spare me you're indiffernce." -Himmler

Quote:

---

Do you know of anyway to trace his call? Or even to figure out where he is orginating?

---

There's really no way any of us folks would be able to divine these things easier than you would. Sure it can be done; with access to the telecom management system used by your company, or to the telco service providers data. But it sounds like you don't have access to either.

One thing I need to say; I suggested how you could invoke some external notice anonymously, and I mentioned 'vicarious liability'. I have to warn now that, if the IT personnel or security personnel are conducting an investigation, and you are off here doing your own research and ACTIVELY trying to figure out what this guy is doing (by monitoring him when he calls or directing him to certain resources or locations outside of company policy), if they find out, you are almost certain to get canned, and probably implicated as a co-conspirator.

No offense, but this is a classic case of 'let the experts do their job'; you may disagree on their status as 'experts', but they are the ones with 'authority' from the company; that single factor means the difference between a criminal charge and an 'atta-boy-good-job' in your personnel file.

Now pursuing the knowledge of what he might be doing, asking here or elsewhere, and drawing your own conclusions is admirable. It's the sort of thing a real hacker would do (read: real definition of a hacker). If they catch you, or find logs or evidence of you doing ANYTHING with this guy outside of company policy, you're ****ed, no two-ways about it.

Oh I completely agree with you.
I mean COMPLETELY agree.

However the latest e-mail we received said something to the effect is if you find see any numbers he calls from then to let him know. Sure I don't think he wants you actively looking at it. My big though b/c I DON'T want to get canned. Was to just research and figure out what he was doing on my own, as a curious person interested to see what he might be up to. More or less really. I thought about the things you said too very helpful. I just figured maybe if I found out a way to track him or could firgure out where the vulnerability(sp?) is. Then maybe, just maybe there would be a way to let the IT/security department(s) know and they could take it from there.


I don't think I would be blamed for a co-conspiracy theory though. It's basically impossible for me to gain access to anything b/c of the security on the machines. I'm sure I could break it if I reallly wanted to, but I don't first off, and secondly I'll be honest and say that if I did break it proably just be by accident since I'm just learning about security and stuff like that.

Thanks again for all the reply's. Try to find out more detail later on.

-Jxfuryice

"Love me or hate me but, spare me you're indifference." -Himmler

this sounds like that book 'The Cukcoos Egg'. it very well may be 'industrial espionage' but im not sure the FBI would be willing to help you out.

Well on the FBI's website. Basically says to let them know. Really not much I can do about just wanted some idea's to see what he was up to!

Thanks again!

-Jxfuryice

"Love me or hate me but, spare me you're indifference." -Himmler