PBX system hacking

There are reports of hackers gaining access to large law firms’ PBX systems and using one of the firm’s phone lines to route international calls at the firm’s expense.

A private branch exchange (PBX) is a telephone exchange that serves a particular business or office, as opposed to one that a common carrier or telephone company operates for many businesses or for the general public.

Hackers access the system externally, masquerading as ‘line services’. Once inside, they look for a phone line on the network that has no PIN, or crack an easy PIN to access the line.

The hackers will then divert calls through the line to make toll calls at the firm’s cost.

Some may advertise cheap calls around the world, for which the firm then foots the bill. The hackers often do this on Friday evenings so that the calls are made over the weekend.

Some firms are arriving on Monday morning to find that their phone accounts have racked up hundreds of thousands of dollars in international phone calls that have been routed through their phone line.

Some telecommunications businesses will monitor lines for an increase in the volume of calls and notify you so that the line can be blocked.

To be safe:

  • Make sure there are security service contracts in place and that they are updated and maintained regularly.
  • Change the PIN on phones regularly and try to avoid simple PIN sequences, e.g. 1234 or 9999.
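
The call-volume monitoring mentioned above can also be run in-house against the PBX's own call records. The following Python example is added here and is not part of the original article: it counts international calls placed outside business hours per extension and flags any extension at or above a threshold. The CSV column names, the `00` and `+` international prefixes, the business-hours window, the threshold and the sample records are all constructed assumptions.

```python
import csv
import io
from collections import Counter
from datetime import datetime

# Constructed sample call detail records (CDRs). The column names are an
# assumption, not any PBX vendor's export format. 2024-03-01 is a Friday.
SAMPLE_CDR = """start,extension,dialed,duration_sec
2024-03-01 10:15:00,201,00447700900000,180
2024-03-01 19:40:00,214,00447700900001,2400
2024-03-02 02:05:00,214,00447700900002,3100
2024-03-02 02:07:00,214,00447700900003,2950
2024-03-03 23:30:00,214,00447700900004,3600
2024-03-02 11:00:00,230,095550100,60
2024-03-02 12:00:00,230,00447700900005,90
"""

INTL_PREFIXES = ("00", "+")     # assumed international dialling prefixes
BUSINESS_DAYS = range(0, 5)     # Monday (0) to Friday (4)
BUSINESS_HOURS = range(8, 18)   # 08:00 to 17:59 local time (assumed)
THRESHOLD = 3                   # off-hours international calls per extension


def is_off_hours(ts):
    """True for weekends and for weekday times outside business hours."""
    return ts.weekday() not in BUSINESS_DAYS or ts.hour not in BUSINESS_HOURS


def flag_extensions(cdr_text, threshold=THRESHOLD):
    """Return {extension: count} where count of off-hours international
    calls is at least `threshold`."""
    counts = Counter()
    for row in csv.DictReader(io.StringIO(cdr_text)):
        ts = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
        if row["dialed"].startswith(INTL_PREFIXES) and is_off_hours(ts):
            counts[row["extension"]] += 1
    return {ext: n for ext, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for ext, n in sorted(flag_extensions(SAMPLE_CDR).items()):
        print(f"extension {ext}: {n} off-hours international calls, review or block")
```

Running the check on a schedule that covers Friday evening through Monday morning catches the weekend pattern described above before the account is next reviewed.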