Business Stuck With Massive Bill After Phones Hacked
-
Business Stuck With Massive Bill After Phones Hacked
CLARK COUNTY, KY (Lex 18) - A Winchester small business was stuck with a crippling phone bill after the company president said the phone system was hacked.
On payroll day for New Moon Medical President Ben Worthington had to be very sure about each check he writes. Because of what happened one night a few weeks ago, he's pinching every penny.
"We found out that somebody had hacked the phone system and used the system to dial international calls," Worthington explained.
He said he learned the hackers made more than 200 calls in 2 hours, to be exact. Each call went to the same phone number in Buenavista, Cuba.
-
I wonder why they left calling to Cuba enabled with the carrier?
-
@scottalanmiller said in Business Stuck With Massive Bill After Phones Hacked:
I wonder why they left calling to Cuba enabled with the carrier?
Difficult to say - Who manages their phone system (not NTG) - Are they experienced? and so many other questions...
My first guess - Spectrum themselves are 'responsible' -
-
This would be a good time to discuss best practices for phone systems.
For example:
- If you're PBX is cloud hosted, do you allow access to SSH access to it from anywhere, of do you only allow access from specific IPs?
- Same question, but for web access.
- What other methods are you taking to secure your PBX?
-
@fuznutz04 said in Business Stuck With Massive Bill After Phones Hacked:
This would be a good time to discuss best practices for phone systems.
For example:
- If you're PBX is cloud hosted, do you allow access to SSH access to it from anywhere, of do you only allow access from specific IPs?
We are working on moving that to "no SSH at all", but it's currently more "SSH turned on when needed and turned off when done."
-
@fuznutz04 said in Business Stuck With Massive Bill After Phones Hacked:
- Same question, but for web access.
For us at @NTG this is really about the customer. Some want it from anywhere, some never use it. If they never use it, best to just turn it off completely.
-
@scottalanmiller Meaning that if SSH is turned off, you only access it from console?
-
@fuznutz04 said in Business Stuck With Massive Bill After Phones Hacked:
@scottalanmiller Meaning that if SSH is turned off, you only access it from console?
No, not only the console and we "never" use console access (admins don't get console access so that would be problematic, but we have some minor separation of duties there so effectively the console would only exist as an option in a break glass scenario where an admin like @Mike-Ralston escalated to either @art_of_shred or myself in order to get console access - I'm really the only crossover person) but we use Salt so there isn't need for login access at all (or we use Salt to turn it on at least.)
-
Two hundred calls is not that many. 200x2 is 400 hours of calls, max. That's 24,000 minutes. First call rate that I found is $.89/min. So that could be around $22K. But only if their PBX allowed 200 simultaneous calls and all of them ran the full duration of the two hours.
If this was loads of normal calls of a few minutes, how much was this bill really?
-
@Reid-Cooper I'm wondering if they were calling a toll-line. That's the only thing that makes sense in this instance.
-
@coliver said in Business Stuck With Massive Bill After Phones Hacked:
@Reid-Cooper I'm wondering if they were calling a toll-line. That's the only thing that makes sense in this instance.
Does Cuba have toll lines? They might not.
-
@scottalanmiller said in Business Stuck With Massive Bill After Phones Hacked:
@fuznutz04 said in Business Stuck With Massive Bill After Phones Hacked:
- Same question, but for web access.
For us at @NTG this is really about the customer. Some want it from anywhere, some never use it. If they never use it, best to just turn it off completely.
But again, in this scenario, if YOU would need it to make some changes, then you just turn it on via Salt, make changes, then turn if off?
-
@scottalanmiller said in Business Stuck With Massive Bill After Phones Hacked:
@fuznutz04 said in Business Stuck With Massive Bill After Phones Hacked:
@scottalanmiller Meaning that if SSH is turned off, you only access it from console?
No, not only the console and we "never" use console access (admins don't get console access so that would be problematic, but we have some minor separation of duties there so effectively the console would only exist as an option in a break glass scenario where an admin like @Mike-Ralston escalated to either @art_of_shred or myself in order to get console access - I'm really the only crossover person) but we use Salt so there isn't need for login access at all (or we use Salt to turn it on at least.)
This is an interesting concept that I'd like to move to eventually. I need to get more up to speed with Salt however before moving to this route.
Idea for Mangocon 2017. Saltstack!
-
@fuznutz04 said in Business Stuck With Massive Bill After Phones Hacked:
@scottalanmiller said in Business Stuck With Massive Bill After Phones Hacked:
@fuznutz04 said in Business Stuck With Massive Bill After Phones Hacked:
@scottalanmiller Meaning that if SSH is turned off, you only access it from console?
No, not only the console and we "never" use console access (admins don't get console access so that would be problematic, but we have some minor separation of duties there so effectively the console would only exist as an option in a break glass scenario where an admin like @Mike-Ralston escalated to either @art_of_shred or myself in order to get console access - I'm really the only crossover person) but we use Salt so there isn't need for login access at all (or we use Salt to turn it on at least.)
This is an interesting concept that I'd like to move to eventually. I need to get more up to speed with Salt however before moving to this route.
Idea for Mangocon 2017. Saltstack!
It's on the agenda. Not Salt specifically, but the concepts. It's the "State of the Art in System Administration" presentation that @art_of_shred and I are doing.
-
I believe that @QuixoticJeremy is doing a talk about something kind of similar.
