atcomsystems.ca/forum Forums TDM Business Telephone Systems NEC Telephones & Systems Hacked system

I am not looking into changing companies because of them charging for service. It is because of the 'customer service' that I am getting throughout this. I don't understand how it is not possible for them to see what activity has happened unless it has been billed. Whether or not they can tell me. They say they don't have any way to access that information.

On the tech end, nobody can tell me what needs to be done to protect us. And I mean they can't tell me what I can pay them to do to fix it. They say other than the international call block they don't know. So I want to look into other companies because this one doesn't seem to know how to work on our system. Paid or not.

Regarding the "Sandy Simmons" box, I did put a password on that. I'm irritated that most of the employees did not have passwords set. I don't know how to even find out what other boxes there may be.

You guys are great. This is a great service you all provide. Thanks

They can't tell you when it happens because you are not monitoring your outgoing calls with the SMDR capabilities of the system. (SMDR = Station Message Detail Recording) Get it set up now, and explained to you in terms that make sense to you! While they are there, Deny trunk/line outbound access for AA/VM ports, Change the Admin password on the phone system AND the AA/VM. AGAIN! And make the passwords NOT be easy to remember. No consecutive digit strings like 1234 or 2468, your license plate number, last four of you social, birth date, etc.

Also as a minimum. International toll bar your VMS ports. We do this as a matter of course now on system installs. Just hope the the hacker doesn't know how to access the PBX programming to unblock them..

The Hacker Can't make Changes to Your System if they don't have a way to Enter "System Manager" Programming. Go to Every Phone and Log in to that Phones Mail Box and Make sure They aren't set to System Manager. The Problem That You may Have is The Last time they were in there, they have already setup their box's. Only one way to Make sure, You have to have your tech Log into the Voice mail with a Laptop and go thru all the Box's.

I wasn't thinking of the hacker accessing the voicemail but via the systems remote modem.. hasn't happened yet down here but there is always a first..

Like Rickman said...without console access to the VM itself there's no easy way to see all of the new boxes that were made. I would be less worried about securing the current boxes which is easy enough, it's the CARS/virtuals that were created once the system was compromised that are most likely doing the 'damage'.

I know that this is an old thread, but just for reference, in case it would be helpful to folks...

It's a good idea, whenever you're logged into any A/V voicemail, to scroll through the mailboxes and note boxes that don't have the "SC" flag (SC = Security Code). Also, scan for mailboxes that transfer to 9, or 9,011, etc., and for notification codes that start 9011, especially 9011632xxxxxxxx (Philippines, Manila).

I usually give the local IT guy a list of mailboxes with no SC and explain the dangers. That puts it on him to keep the users doing things right.