Guy hacks company's phone system to....?

[jxfuryice]

Oh I hear ya. Sounds like a plan, I might look into that. I'm going to see if I can pry into the IT guys when I get back to work after some much needed vacation and see what they gotta say about it. I just got done reading some articles and one was about digital phreaking. I think this is what this guy is doing.

Not quite for sure but it sounds like his M.O.

However... could he be transferring data? Who knows... although again if anyone has more to add feel free. I'll update again if I ever find out anything more about the "mystical phone phreak guy thing bobber." heh

Thanks again!


-Jxfuryice

"Love me or hate me, but spare me you're indifference." -Himmler

[w-mellon]

Interesting!
First off - do you know for certain that this gent being transferred to IT is doing anything your company believes criminal? I don't think you have established that..

However for the fun of it....

I can think of several things this gent is trying to do...
Hack the voicemail to listen to private messages, enter DTMF tones during transfer to attempt getting an outside line to make additional calls, or maybe an internal arrangement with someone to do the same without all the hacking. (the voicemail - depending on it's intelligence - may be able to be programmed to allow access to outside lines).
Anybody hear of a feature called voicemail callback? Someone leaves you a voicemail and it will call you to alert you of the voicemail left. With minor mod's it could just be made to make a call not a callback. Some voicemail systems today can be programmed for voicemail to email notification. Similar notification but via email - not callback. What would you do with this? Either way the key to tracing this out starts with the "IT" telephone number and account you're transferring him to - you would need to look at the programming on the switch and voicemail system. Maybe the vulnerability (if he is exploiting a vulnerability) doesn't exist in your system but in the carrier provided connection between Dallas and NYC? If asked your phone company can identify the caller relatively easily (at least the calling country and number) and take steps to block them.
Again, Interesting....

[jxfuryice]

Hey thanks for the reply....

Yes we know it's illegal. Chief of security has notfied us. He claims he's calling from the "new york city" IT center. What's funny is we don't have a IT center there. It has been offcially stated through e-mail through our work that he is dong something illegal. We don't understand exactly what he is after or why. But we know it's not a good thing.

Do you know of anyway to trace his call? Or even to figure out where he is orginating?

See a few of us think that he get in some other company, then goes to ours, then goes to another etc... but he checks voicemails etc... I have read similar things with the phreaking aspect of it all. Might be a possible motive. However what is to gain from that? Also yet again the question remains how do you "catch him" find out his orgin.

GREAT REPLY! Thanks really answered some questions I had.

Thanks again!

-Jxfuryice

"Love me or hate me but, spare me you're indiffernce." -Himmler

[zencoder]

Do you know of anyway to trace his call? Or even to figure out where he is orginating?

There's really no way any of us folks would be able to divine these things easier than you would. Sure it can be done; with access to the telecom management system used by your company, or to the telco service providers data. But it sounds like you don't have access to either.

One thing I need to say; I suggested how you could invoke some external notice anonymously, and I mentioned 'vicarious liability'. I have to warn now that, if the IT personnel or security personnel are conducting an investigation, and you are off here doing your own research and ACTIVELY trying to figure out what this guy is doing (by monitoring him when he calls or directing him to certain resources or locations outside of company policy), if they find out, you are almost certain to get canned, and probably implicated as a co-conspirator.

No offense, but this is a classic case of 'let the experts do their job'; you may disagree on their status as 'experts', but they are the ones with 'authority' from the company; that single factor means the difference between a criminal charge and an 'atta-boy-good-job' in your personnel file.

Now pursuing the knowledge of what he might be doing, asking here or elsewhere, and drawing your own conclusions is admirable. It's the sort of thing a real hacker would do (read: real definition of a hacker). If they catch you, or find logs or evidence of you doing ANYTHING with this guy outside of company policy, you're ****ed, no two-ways about it.

[jxfuryice]

Oh I completely agree with you.
I mean COMPLETELY agree.

However the latest e-mail we received said something to the effect is if you find see any numbers he calls from then to let him know. Sure I don't think he wants you actively looking at it. My big though b/c I DON'T want to get canned. Was to just research and figure out what he was doing on my own, as a curious person interested to see what he might be up to. More or less really. I thought about the things you said too very helpful. I just figured maybe if I found out a way to track him or could firgure out where the vulnerability(sp?) is. Then maybe, just maybe there would be a way to let the IT/security department(s) know and they could take it from there.


I don't think I would be blamed for a co-conspiracy theory though. It's basically impossible for me to gain access to anything b/c of the security on the machines. I'm sure I could break it if I reallly wanted to, but I don't first off, and secondly I'll be honest and say that if I did break it proably just be by accident since I'm just learning about security and stuff like that.

Thanks again for all the reply's. Try to find out more detail later on.

-Jxfuryice

"Love me or hate me but, spare me you're indifference." -Himmler

[Kite]

this sounds like that book 'The Cukcoos Egg'. it very well may be 'industrial espionage' but im not sure the FBI would be willing to help you out.

[jxfuryice]

Well on the FBI's website. Basically says to let them know. Really not much I can do about just wanted some idea's to see what he was up to!

Thanks again!

-Jxfuryice

"Love me or hate me but, spare me you're indifference." -Himmler