I just received a call from colleague at another company.
They had a hack and now they're trying to figure out how it happened.
The VM/AA is MS Exchange. (Neither of us know anything about that product)
PBX 3300
SIP Trunks to Exchange
PRI from carrier
Here's what happened as far as we know:
Caller dials into an AA for a Casino.
Presses 1 to be transferred to an ACD queue.
The caller is transferred to a "Foreign" individual, meaning I presume "Thick Accent", not US.
The caller ends up giving the person their credit card info.
The person then says, one moment and then actually transfers the caller into the ACD queue.
No the CC info has been stolen.
The SMDR call record show the caller coming into the exchange server, appears to be in there for ~7 minutes and then is transferred to the ACD.
There are only two things I can think of that could have happened here:
1) The Exchange server was compromised in such a way that the hacker was able to talk through it to the customer. That would be some kind of conference, I would think.
2) The hacker hacked the exchange server in such a way that when the user pressed '1' in the AA it transferred the caller out to an external number. The SIP trunks to the server does not have SMDR turned on thus no call records for that leg of it.
To me this seems obvious it was a hack on Exchange. Does anyone know how this might have been done? I've have zero experience with it.
Ralph