Author Topic: Hacked! Trying to figure out how.  (Read 1054 times)

ralph
Hacked! Trying to figure out how.
« on: November 11, 2016, 09:58:52 AM »
I just received a call from a colleague at another company.
They had a hack and now they're trying to figure out how it happened.

The VM/AA is MS Exchange.  (Neither of us knows anything about that product)
PBX 3300
SIP Trunks to Exchange
PRI from carrier

Here's what happened as far as we know:
Caller dials into an AA for a Casino.
Presses 1 to be transferred to an ACD queue.
The caller is transferred to a "Foreign" individual, meaning I presume "Thick Accent", not US.
The caller ends up giving the person their credit card info.
The person then says, one moment and then actually transfers the caller into the ACD queue.
Now the CC info has been stolen.

The SMDR call records show the caller coming into the Exchange server, appears to be in there for ~7 minutes and then is transferred to the ACD.

There are only two things I can think of that could have happened here:

1) The Exchange server was compromised in such a way that the hacker was able to talk through it to the customer.  That would be some kind of conference, I would think.

2) The hacker hacked the Exchange server in such a way that when the user pressed '1' in the AA it transferred the caller out to an external number.   The SIP trunks to the server do not have SMDR turned on, thus no call records for that leg of it.

To me this seems obvious it was a hack on Exchange.  Does anyone know how this might have been done?  I have zero experience with it.

Ralph
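
Added example (not part of the original post or any Mitel/Exchange tooling): the ~7 minute stay in the auto attendant before the ACD transfer is the one visible trace in the call records, so this sketch scans exported call legs for other calls with the same pattern. The CSV layout, column names and sample rows are constructed assumptions, not the native SMDR format.

```python
import csv
import io
from statistics import median

# Constructed sample in a simplified per-leg CSV (an assumption; this is not
# the native Mitel SMDR layout). party "AA" = Exchange auto attendant.
SAMPLE = """call_id,caller,party,seconds
1001,5550100,AA,22
1001,5550100,ACD,310
1002,5550101,AA,18
1002,5550101,ACD,95
1003,5550102,AA,25
1003,5550102,ACD,640
1004,5550103,AA,420
1004,5550103,ACD,130
1005,5550104,AA,20
1005,5550104,ACD,75
1006,5550105,AA,15
"""

def aa_dwell(text):
    """Map call_id -> (caller, seconds in AA) for calls that reached the ACD."""
    in_aa, reached_acd = {}, set()
    for row in csv.DictReader(io.StringIO(text)):
        cid = row["call_id"]
        if row["party"] == "AA":
            caller, total = in_aa.get(cid, (row["caller"], 0))
            in_aa[cid] = (caller, total + int(row["seconds"]))
        elif row["party"] == "ACD":
            reached_acd.add(cid)
    # Calls that never reached the queue (hang-ups in the menu) are ignored.
    return {cid: v for cid, v in in_aa.items() if cid in reached_acd}

def flag_long_dwell(text, factor=5, floor=120):
    """Return calls whose AA time is far above the site's median AA time."""
    dwell = aa_dwell(text)
    if not dwell:
        return []
    baseline = median(secs for _, secs in dwell.values())
    threshold = max(floor, factor * baseline)  # floor avoids noise on short menus
    return sorted((cid, caller, secs) for cid, (caller, secs) in dwell.items()
                  if secs >= threshold)

if __name__ == "__main__":
    for cid, caller, secs in flag_long_dwell(SAMPLE):
        print(f"call {cid} from {caller}: {secs}s in AA before ACD")
```

The flagged call IDs give a list of callers and times to compare against the carrier's PRI records and the Exchange server's own logs.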
v2win
Re: Hacked! Trying to figure out how.
« Reply #1 on: November 11, 2016, 01:38:18 PM »
Can the VM vendor provide any type of SMDR logs from the VM?

ralph
Re: Hacked! Trying to figure out how.
« Reply #2 on: November 11, 2016, 04:45:58 PM »
The tech called me and said they looked but didn't see anything.

Ralph