Ep 1: The Phreaky World of PBX Hacking
en-us
September 01, 2017
TLDR: Farhan Arshad and Noor Aziz Uddin were placed on the FBI's Cyber's Most Wanted list for PBX hacking. They were later captured by investigators after allegedly accumulating significant wealth from exploiting phone systems.
Phone Hacking - A Threat to Your Finances: Hackers can exploit phone systems to make unauthorized, expensive calls through unsuspecting victims' phones, leading to huge bills. People must take measures to secure their phones and phone lines against such attacks.
Hackers can use methods like calling a desk phone in a random office and connecting to its voicemail to make unauthorized pay-per-minute calls, leading to enormous phone bills for unsuspecting victims. The hackers own the numbers being called, turning other people's phones into ATMs. These attacks can go unnoticed for a long time, and even when discovered, victims might struggle to get any help from the authorities or telephone companies. The scale of such attacks can be significant, as seen in the example of Adam Finch who found out a month later that his phone bill was $24,000 more than normal. People need to be vigilant and take appropriate measures to secure their phones and phone lines against such attacks.
How Hackers Exploit Default Passwords in Voicemail and Phone Systems: Protect your communication systems from being hacked by creating unique passwords, securing PBXs, and monitoring phone and voicemail activity for any anomalies.
Hackers can access voicemail and phone systems by exploiting default passwords and insecure configurations. They take advantage of default voicemail box pins and use call forwarding to reroute incoming calls to their pay-per-minute line. They also exploit insecure Private Branch Exchanges (PBXs) by finding their IP addresses and making phone calls from that office. This can be prevented by using unique, strong passwords, securing PBXs, and monitoring phone and voicemail activity for any anomalies. It is important for individuals and organizations to be aware of these security vulnerabilities and take appropriate measures to protect their communication systems from being hacked.
The Serious Consequences of Neglecting PBX Security: Improperly secured PBX systems put businesses at risk of costly hacking attacks, with phone companies not liable for fees incurred. Outsource PBX configuration with caution to avoid vulnerabilities.
PBX hacking is a serious crime that costs businesses over 10 billion dollars annually. Phone companies do not cover the charges of the victim as they have legal rights to collect their fees. The victim is held liable as it was their own negligence to secure their PBX that resulted in the attack. Companies need to take steps to secure their PBX properly, else they can be compromised easily. PBX hacking usually happens when the victim outsources PBX configuration to a cheap contractor. A PBX requires delicate balance configuration as it must block all incoming access while allowing calls initiated from the internet. Companies with 100 users can be compromised on a Friday night.
PBX Hacking: A Global Crime and the FBI's Pursuit for Justice: Despite limited resources and fear of negative publicity, victims of PBX hacking can report the crime to the FBI for data collection. The FBI's Cyber Most Wanted List offers rewards for information leading to the arrest of criminals.
PBX hacking is an international crime, but the police are not equipped to handle it as they lack resources to understand the crime and investigate. Companies fear bad publicity, so many of these crimes don't get reported. Victims can report the crime to the FBI for collecting data to build the case. Patterns of PBX hacking helped the FBI track down two men, but they were released by the Malaysian Attorney General due to the technicalities. Farhan and Uddin fled to Pakistan. FBI added both men to Cyber's Most Wanted List and announced a $50,000 reward for information leading to their arrest.
The Financial Threat of PBX Hacking and the Importance of Strong Security Measures.: PBX hacking can be financially devastating, as seen in recent cases. Tracking phone numbers and GPS coordinates can help catch culprits. Companies need to remain vigilant and invest in strong security measures to protect against PBX hackers.
PBX hacking can cause massive financial damage to companies and organizations, as proven by the cases in New Jersey where hackers allegedly caused losses of tens of thousands and even hundreds of thousands of dollars. The indictment report shows that the two men arrested in Pakistan were responsible for damages of fifty million dollars. As security measures against PBX hacking continue to be insufficient, similar incidents are still happening and many hackers remain unidentified and free. The PBX hacking case of Uddin and Arshad highlights the importance of tracking down phone numbers and GPS coordinates, which proved to be the key to apprehending the culprits. It is essential for companies and organizations to remain vigilant and invest in strong security measures to avoid falling prey to PBX hackers.
Was this summary helpful?
Recent Episodes
Ep 5: #ASUSGATE
Darknet Diaries
Security researcher Kyle Lovett discovered vulnerable Asus router security issues and aimed to resolve them, not just for himself but also for thousands of others who were similarly impacted.
November 01, 2017
Ep 4: Panic! at the TalkTalk Board Room
Darknet Diaries
TalkTalk suffered a major breach in 2015, prompting an investigation from UK government and Metropolitan Police. The mobile provider's CEO tried to keep customers calm during the crisis.
October 15, 2017
Ep 3: DigiNotar, You are the Weakest Link, Good Bye!
Darknet Diaries
The 2011 DigiNotar breach changed browser security practices. This episode explores how websites interact with Certificate Authorities (CAs), what role CAs play, and what happens when a CA is breached.
October 01, 2017
Ep 2: The Peculiar Case of the VTech Hacker
Darknet Diaries
In 2015, hacker stole gigs of kids' data on Vtech devices from a breach. He made and sold child videos.
September 15, 2017
Related Episodes
382. Andy, Amir Odom & DJ CTI: Houston Suspects First Robbery, Germany Operating Hundreds Fake Far-Right Social Media Accounts & FBI Agent Exposing Unjust Persecution Of Conservatives
REAL AF with Andy Frisella
In today's episode, Andy & DJ are joined in the studio by Amir Odom. They discuss a Houston suspect leaving empty-handed after telling a fast-food employee it's his first robbery, Germany operating hundreds of fake far-right social media accounts, and the FBI agent who was suspended after complaining about the exaggerated threat of domestic terrorism meant to harass conservative Americans.
September 23, 2022
91: webjedi
Darknet Diaries
What happens when an unauthorized intruder gets into the network of a major bank? Amélie Koran aka webjedi was there for one of these intrusions and tells us the story of what happened. You can find more talks from Amélie at her website webjedi.net. Sponsors Support for this show comes from IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. And use promo code DARKNET25. This podcast is sponsored by Navisite. Accelerate IT transformation to respond to new demands, lower costs and prepare for whatever comes next. Visit Navisite.com/go. View all active sponsors. Sources https://www.foxnews.com/story/0,2933,435681,00.html https://w2.darkreading.com/risk-management/world-bank-(allegedly)-hacked/d/d-id/1072857 https://www.washingtonpost.com/nation/2020/05/18/missionary-pilot-death-coronavirus/ https://webjedi.net/ CLAIM=8f61b1a2cab60fab354cc5b111ea154705b363d3=CLAIM Learn more about your ad choices. Visit podcastchoices.com/adchoices
April 27, 2021
#503 - Brett Johnson - The United States' Most Wanted Hacker
Modern Wisdom
Cybercriminal Brett Johnson ('The Original Internet Godfather'), who defrauded millions and was on the FBI's Most Wanted list, shares his experiences including involvement in the darknet, thoughts on Ross Ulbricht and Silk Road, near-death experiences, long evasion of capture, views on Julian Assange and more.
July 23, 2022
108: Marq
Darknet Diaries
This is the story of Marq (twitter.com/dev_null321). Which involves passwords, the dark web, and police. Sponsors Support for this podcast comes from Cybereason. Cybereason reverses the attacker’s advantage and puts the power back in the defender’s hands. End cyber attacks. From endpoints to everywhere. Learn more at Cybereason.com/darknet. Support for this show comes from Linode. Linode supplies you with virtual servers. Visit linode.com/darknet and get a special offer. View all active sponsors. Sources Court records and news articles were used to fact check this episode. However Marq requested that links to his full name not be made available. https://techcrunch.com/2019/12/19/ring-doorbell-passwords-exposed/ https://www.wired.com/2010/03/hacker-bricks-cars/ Learn more about your ad choices. Visit podcastchoices.com/adchoices
January 11, 2022
Ask this episodeAI Anything
Sign In to save message history