Home > Lucent Technologies > Communications System > Lucent Technologies BCS Products Security Handbook Instructions Manual

Lucent Technologies BCS Products Security Handbook Instructions Manual

    Download as PDF Print this page Share this page

    Have a look at the manual Lucent Technologies BCS Products Security Handbook Instructions Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 413 Lucent Technologies manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.

    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    About This Document 
    Page xxi Lucent Technologies Toll Fraud Crisis Intervention 
    Lucent Technologies Toll Fraud Crisis 
    Intervention
    If you suspect you are being victimized by toll fraud or theft of services and need 
    technical support or assistance, call the appropriate Lucent Technologies BCS 
    service:
    NOTE:
    These services are available 24 hours a day, 365 days a year. Consultation 
    charges may apply. Intervention services are performed at no charge for 
    equipment covered by warranty or service agreement.
    Helplines
    nIf you require application support assistance or have questions regarding 
    feature functions for the DEFINITY ECS, DEFINITY G1, G2, and G3, 
    System 75, or System 85 Communications Systems, associated voice mail 
    systems, or other adjuncts, contact the DEFINITY Helpline:
    800 225-7585
    Toll Fraud Intervention Hotline800 643-2353
    All systems and products; DEFINITY 
    ECS and DEFINITY Communications 
    Systems, System 75, System 85, 
    MERLIN II, MERLIN LEGEND, MERLIN 
    Plus, PARTNER II, PARTNER Plus, and 
    System 25 Communications Systems 
    (including associated voice mail 
    systems and other adjuncts)
    Technical Service Center (TSC):800 242-2121
    DEFINITY ECS, DEFINITY 
    Communications System, System 75, 
    and System 85
    (including associated voice mail 
    systems and other adjuncts)
    National Service Assistance Center 
    (NSAC):800 628-2888
    MERLIN II, MERLIN LEGEND, MERLIN 
    Plus, PARTNER II, PARTNER Plus, and 
    System 25 Communications Systems 
    (including associated voice mail 
    systems and other adjuncts) 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    About This Document 
    Page xxii Related Documentation 
    nFor assistance with the DEFINITY AUDIX System, call:
    800 562-8349
    nFor assistance with the MERLIN II, MERLIN LEGEND, MERLIN Plus, 
    PARTNER II, PARTNER Plus, or System 25 Communications Systems, or 
    their associated voice mail systems or other adjuncts, call:
    800 628-2888
    NOTE:
    The above services may result in an additional charge. Intervention services 
    are performed at no charge for equipment covered by warranty or service 
    agreement.
    Related Documentation
    The security risks and preventive measures presented in this document relate 
    specifically to toll fraud. This handbook is designed to work with the 
    documentation for the products described in this document, and it is not intended 
    as a replacement for any of the documentation available for these products. Refer 
    to the 
    Business Communications Systems Publications Catalog, 555-000-010, for 
    more information. 
    						
    							Introduction 
    Page 1-1 Background 
    1
    BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    1
    1Introduction
    Background
    Telecommunications fraud is the unauthorized use of a company’s 
    telecommunications service. This type of fraud has been in existence since the 
    1950s when Lucent Technologies first introduced Direct Distance Dialing (DDD).
    In the 1970s Remote Access became a target for individuals seeking 
    unauthorized network access. Now, with the added capabilities of voice mail and 
    automated attendant services, customer premises equipment-based toll fraud has 
    expanded as a new type of communications abuse.
    Today, security problems are not just limited to toll fraud. There have been sharp 
    increases in reported incidents of hackers: criminals skilled in reprogramming 
    computer systems, accessing telecommunications systems through remote 
    administration or maintenance ports. These ports cannot be used to place phone 
    calls, but hackers can gain control over the setup of the system. Through these 
    ports, hackers create security “holes” to allow unauthorized calling — a serious 
    form of electronic vandalism.
    A company’s “information resources” are yet another target for modern criminals. 
    They are invading voice mailboxes and eavesdropping on cellular phone calls to 
    obtain proprietary information about your products or your customers. 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Introduction 
    Page 1-2 Who is the Enemy? 
    1
    Who is the Enemy?
    Hackers and Phreakers
    Hackers and “phreakers” (phone freaks) use personal computers, random 
    number generators, and password cracking programs to break into even the most 
    sophisticated customer premises equipment-based system if it has not been 
    adequately secured. Once a hacker penetrates a network and provides 
    instructions to toll call sellers, large volumes of unauthorized calls can be made 
    from the switch. Severe cases of communications abuse can also reduce revenue 
    and productivity when employees are unable to dial out and customers are unable 
    to call in.
    These people are criminals, as defined by the United States Secret Service and 
    Title 18 Section 1029 of the United States Criminal Code. They attempt to find 
    your weakest link and break it. Once they have compromised your system, they 
    will use your system resources to break into another system, and/or advertise that 
    they have broken your system and how they did it. They will also sell this 
    information to a call sell operator. Some hackers command up to $10,000.00 a 
    week for stolen codes.
    Call Sell Operations
    Most of the high dollar theft comes from call sell operations. These operations 
    vary from a pay phone thief, who stands next to a pay phone and “sells” discount 
    calls through your system, to a full-blown call sell operation.
    A full-blown operation might involve a one-room apartment (rented under an 
    assumed name) with 30 to 40 phones (lines from the phone company are under 
    the same assumed name). The general pitch is that for a flat fee you can call 
    anywhere in the world and talk as long as you like. The seller takes the money 
    and places the call for the buyer, and then walks away so he will not get caught. 
    Needless to say, a victimized company is paying for the actual call.
    The call sell operation is open round-the-clock, and when the victimized company 
    stops the abuse, the call sell operator moves on to the next number. In a month or 
    two the call sell operator just disappears (and will usually resurface at another 
    apartment with another 30 phones and a way into your system).
    The toll fraud industry is growing fast. Originally, the majority of toll fraud was 
    based in New York, NY. Now call sell operations are springing up in Miami, FL, 
    Chicago, IL, Los Angeles and San Francisco, CA, and other locations around the 
    country, even throughout the world.
    Call sell operations are dependent on calling card numbers or other means to 
    fraudulently use a customer premises equipment-based system. The major calling 
    card vendors monitor calling card usage and shut down in a matter of minutes  
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Introduction 
    Page 1-3 What is in a Loss? 
    1
    after detecting the fraud. However, call sell operators know that the traffic on most 
    customer premises equipment-based systems is not monitored.
    That is why a calling card on the street sells for $30.00 and a customer premises 
    equipment-based system code (called a Montevello) sells for up to $3,000.00.
    Drug Dealers
    Drug dealers want phone lines that are difficult to trace so they can conduct their 
    illicit narcotic dealings. For this reason, drug dealers are more likely to route their 
    calls through two or more communications systems (PBXs) or voice mail systems 
    before a call is completed. This is called “looping.” Law enforcement officers 
    believe that drug dealers and other criminals make up a sizeable chunk of toll 
    fraud.
    What is in a Loss?
    Cost of the Phone Bill
    There are no real numbers showing exactly how much money companies have 
    lost due to toll fraud. Since some companies are not willing to disclose this 
    information, it is difficult to know who has been hit and at what cost. Both small 
    and large companies have been victims of what is one of the nation’s most 
    expensive corporate crimes.
    Lost Revenue
    The cost of operational impact may be more severe than the toll charges. 
    Employees cannot get outbound lines, and customers cannot call in. Both 
    scenarios result in potential loss of business. 
    Expenses
    Additional expenses may be incurred, such as changing well-known, advertised 
    numbers, service interruptions, and loss of customer confidence.
    Known Toll Fraud Activity
    Understanding how hackers penetrate your system is the first step in learning 
    what to do to protect your company. Be aware that hackers communicate very 
    well, are extremely resourceful, and are persistent. The following is a list of known 
    methods hackers use to break into systems. 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Introduction 
    Page 1-4 Known Toll Fraud Activity 
    1
    nPBX-Based Activity
    —Maintenance Port
    Maintenance ports are the most recent target of abuse. In this 
    scenario, hackers find a PBX maintenance port number with their 
    “war dialer,” a device that randomly dials telephone numbers until a 
    modem or dial tone is obtained. They then “hack” the user ID and 
    password, sometimes just by using the PBX default passwords, to 
    enter your system. Good password selection decreases the 
    possibility of being hacked via the maintenance port to virtually zero.
    This is the most dangerous type of abuse because once in your 
    system, the hackers have control over all the administrative 
    commands. While in your system, they have been known to:
    — Turn on Remote Access or Direct Inward System Access 
    (DISA). (On some communications systems, this is a “yes” or 
    “no” option.) These situations can be difficult to detect.
    Hackers have been known to change the system at 8:00 p.m. 
    to allow fraudulent calls. Then, at 3:00 a.m., they reprogram 
    the system back to its original configuration. One company 
    was hit three weekends in a row before they realized what 
    was happening.
    — Turn off Call Detail Recording (CDR) or Station Message 
    Detail Recording (SMDR) and hack your system all weekend, 
    and then turn it back on before Monday morning. This is 
    especially disturbing to managers who are security conscious 
    and check the CDR/SMDR reports every morning looking for 
    suspicious activity. They will not see records of the calls 
    because CDR/SMDR was turned off by the hackers. The 
    administrator may notice the absence of CDR/SMDR records 
    for evening, night, and weekend calls made by employees.
    —Voice Mail
    There are two types of voice mail fraud. The first type, which is 
    responsible for the bulk of equipment-related toll fraud loss, relies on 
    misuse of the call transfer capabilities of voice mail systems. Once 
    thieves transfer to dial tone, they may dial a Trunk Access Code 
    (TAC), Feature Access Code or Facility Access Code (FAC), or 
    extension number.
    If the system is not properly secured, thieves can make fraudulent 
    long distance calls or request a company employee to transfer them 
    to a long distance number.
    The second type of voice mail fraud occurs when a hacker accesses 
    a mailbox to either take it over or simply access the information 
    stored within it. 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Introduction 
    Page 1-5 Known Toll Fraud Activity 
    1
    In the first situation, a hacker dials either 9 or a TAC that allows the 
    call to be transferred to the outgoing facilities. In the second 
    situation, a hacker typically hacks the mail password and changes it 
    along with the greeting. This gives the hacker access to proprietary 
    corporate information.
    —Automated Attendant
    Auto Attendants are used by many companies to augment or 
    replace a switchboard operator. When an Auto Attendant answers, 
    the caller is generally given several options. A typical greeting is: 
    “Hello, you’ve reached XYZ Bank. Please enter 1 for Auto Loans, 
    2for Home Mortgages. If you know the number of the person you 
    are calling, please enter that now.”
    In some Auto Attendants, option 9 is to access dial tone. In addition, 
    when asked to enter an extension, the hacker enters 9180 or 9011. 
    If the system is not properly configured, the Auto Attendant passes 
    the call back to the PBX. The PBX reacts to 9 as a request for a dial 
    tone. The 180 becomes the first numbers of a 1-809 call to the 
    Dominican Republic. The 011 is treated as the first digits of an 
    international call. The hacker then enters the remaining digits of the 
    phone number and the call is completed. You, the PBX owner, pay 
    for it. This hacker scenario works the same way with a voice mail 
    system.
    —Remote Access/Direct Inward System Access (DISA)
    Remote Access or DISA is designed to allow remote users to 
    access a PBX to place long distance calls as if they were at the 
    same site as the PBX. Because of the potential cost savings, many 
    PBX owners use DISA instead of calling cards; however, Remote 
    Access opens the door for fraudulent calls by thieves.
    Hackers are able to locate the DISA feature with the use of a war 
    dialer, explained previously. After finding a number, the device 
    searches for barrier codes.
    If the system allows uninterrupted, continuous access, a war dialer 
    can crack a 6-digit code within 6 hours. The codes are then 
    distributed via bulletin boards or pirated voice mailboxes, or are sold 
    to call sell operators. Some systems hang up after a specified 
    number of invalid access attempts, thereby extending the amount of 
    time required to crack the code. However even if a hacker is 
    disconnected, he or she may call back repeatedly in an attempt to 
    crack the code. 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Introduction 
    Page 1-6 Known Toll Fraud Activity 
    1
    nNetwork-Based Activities
    —Shoulder Surfing
    Network hackers use video cameras in airports supposedly to take 
    pictures of their family, but they are actually taking pictures of people 
    using their calling cards. Hackers may also use an audio tape 
    recorder to capture calling card numbers as they are spoken to an 
    operator. This technique is known as “Shoulder Surfing.”
    —Social Engineering
    “Social Engineering” is a con game hackers frequently use. It is 
    sometimes referred to as “Operator Deceit.” The success of this con 
    requires gullibility or laxity on the part of the operator or employee, 
    of which the hacker takes full advantage.
    For example, hackers call an employee, claim to have the wrong 
    extension number, and ask to be transferred back to the operator. 
    The call looks to the operator like an internal call. The hacker then 
    asks for an outside line. Often, because operators do not know any 
    better, they will connect the hacker to an outside line.
    Another example of social engineering is a hacker calling the 
    operator and pretending to be a telephone maintenance repair 
    person. They make statements like: “I am a qualified telephone 
    repairman testing your lines. Please transfer me to 900 or 9#;” or “I 
    need to verify your DID number range.” An untrained operator may 
    provide the requested transfer or information, giving the hacker 
    more ammunition with which to crack your system.
    — Dumpster Diving
    Hackers obtain switch and security information by browsing through 
    company trash cans. They are looking for discarded phone bills, 
    corporate phone directories, and access codes. The “found” 
    information can be used to make fraudulent calls.
    —Alternate Carrier Access
    If your system is not secure, hackers can dial out by using carrier 
    codes that bypass routing restrictions you have placed on your 
    primary carrier’s features.
    —Looping
    Looping is a method that call sell operators use to circumvent 
    restrictions that IXCs (Interexchange Carriers) put in the networks to 
    control calling card fraud. All carriers block calling card calls bound 
    for the 809 area code (to the Dominican Republic) that originate in 
    New York, NY. This is because the Dominican Republic is a 
    common destination for stolen phone calls. If call sell operators are 
    able to obtain a dial tone from a PBX but are not able to dial 809 or 
    011 directly, they will revert to looping. They could dial an 800 
    number outbound from the PBX. The 800 number could be to 
    another PBX or could be a calling card or operator access number.  
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Introduction 
    Page 1-7 Known Toll Fraud Activity 
    1
    Examples include, but are not limited to the following 800 numbers: 
    1 800 COLLECT, 1 800 CALLATT, and 1 800 GETINFO. They could 
    also dial 950 carrier access numbers.
    Lastly, they can dial various 10xxx carrier access codes. In any 
    case, they can still use the PBX to place a fraudulent call. If the PBX 
    is not in New York, NY, they can use the calling card. Use of the 
    10xxx codes could allow for direct billing to the PBX. It is not 
    uncommon for hackers to “loop” through as many as five 
    communications systems before completing the fraudulent call.
    — Call Diverters
    A call diverter is a device used to forward calls to a different location, 
    usually after business hours. These are normally used for smaller 
    businesses who forward their calls to an answering service after 
    hours.
    When hackers find a number they suspect is using a call diverter, 
    they call the number. When the call is answered, the hacker claims 
    to have misdialed or remains silent. Then when the caller hangs up, 
    the call diverter sometimes gives the hacker dial tone before the 
    disconnect is completed. The hacker then seizes the dial tone and 
    uses it to place fraudulent long distance calls.
    — Beeper and/or Pager Scam
    A scam directed at pagers and beepers is as follows. Many of the 
    Local Exchange Carriers (LECs) have run out of numbers in the 976 
    prefix, so they are using other prefixes that work the same as 976. 
    That is, the calling party gets charged for the call at a rate set by the 
    owner of the number.
    The 976-look-alike numbers are constantly expanding. They 
    include, but are not limited to the following:
    202-915-xxxx 315-970-xxxx 516-970-xxxx 716-550-xxxx
    206-960-xxxx 401-940-xxxx 518-540-xxxx 716-970-xxxx
    207-940-xxxx 402-960-xxxx 518-550-xxxx 718-540-xxxx
    208-960-xxxx 410-915-xxxx 518-970-xxxx 718-550-xxxx
    212-540-xxxx 412-556-xxxx 602-676-xxxx 718-970-xxxx
    212-550-xxxx 413-550-xxxx 603-940-xxxx 719-898-xxxx
    212-970-xxxx 413-940-xxxx 605-960-xxxx 801-960-xxxx
    215-556-xxxx 504-636-xxxx 607-540-xxxx 804-268-xxxx
    301-915-xxxx 505-960-xxxx 607-550-xxxx 804-844-xxxx
    303-960-xxxx 507-960-xxxx 607-970-xxxx 817-892-xxxx
    307-960-xxxx 508-940-xxxx 617-550-xxxx 914-540-xxxx 
    						
    							BCS Products
    Security Handbook  
    555-025-600  Issue 6
    December 1997
    Introduction 
    Page 1-8 Known Toll Fraud Activity 
    1
    The fee charged for calling these numbers can range upwards of 
    $250 per call. As already stated, the fee is set by the owner of the 
    number. Unscrupulous people who own these numbers call around 
    the country inserting these numbers into pagers to get the users to 
    return the call so that they can collect the fee. Consult your LEC for 
    a list of 976-look-alike numbers in your exchange.
    This same scam could also easily apply to messages left on voice 
    mail. The person could state, “I’m John Doe calling from XYZ. 
    Please return my call at 212-540-xxxx.” When you return the call, 
    you are charged $50.00.
    Another slant to this scam is carried out by messengers who deliver 
    parcels to your office. They will ask to use your company’s phone to 
    call their office. Then they call one of these 976-look-alike numbers 
    and stay on the line for a minute or two. Your company then gets the 
    bill for a $250 call that lasted only a couple of minutes.
    — Internal Abuse
    Unfortunately, not all toll fraud is generated from “outsiders.” Many 
    times it can be traced to internal employees who either sell the 
    information or abuse the system for their own gain.
    —Call Forwarding Off-Premises
    Call forwarding can be programmed to forward calls internally 
    (within the PBX) or off-premises. If off-premises call forwarding is 
    allowed, unscrupulous employees can take advantage of it. They 
    forward the phone to a number (usually their home number). They 
    tell their friends and family to call the company’s 800 number and 
    insert the employee’s extension number. The call is forwarded to the 
    employee’s home phone, and the company foots the bill for the call.
    308-960-xxxx 512-766-xxxx 617-940-xxxx 914-550-xxxx
    315-540-xxxx 516-540-xxxx 703-844-xxxx 914-970-xxxx
    315-550-xxxx 516-550-xxxx 716-540-xxxx 
    						
    All Lucent Technologies manuals Comments (0)

    Related Manuals for Lucent Technologies BCS Products Security Handbook Instructions Manual