14 DAY TRIAL // Overwhelmed by the number of attacks against PBX systems at the managed service provider where he works, a security engineer has launched a project to gather and and list offending IP addresses involved in VoIP abuse.
"Throughout the course of the day, I got tired of seeing VoIP based brute force attempts that I decided to out companies who sit around and choose to do nothing about the attacks coming from their networks," writes J. Oquendo, the initiator of the VoIP Abuse Project.
"In an effort to make other companies who have PBX servers online aware of the attackers, I will be posting the information of address and companies [from] which these attacks are coming from," he explains.
The term PBX stands for private branch exchange and refers to the multi-line telephone systems used in business environments.
Attackers hack into such systems to make long-distance calls to foreign countries or launch over-the-phone phishing attacks known as vishing.
According to Oquendo, the most common type of attack he sees is brute forcing and comes from systems that have already been compromised.
This kind of attacks are not new. Edwin Andrew Pena, a notorious VoIP hacker, was sentenced last week to ten years in prison for running a scheme that involved stealing more than 10 million VoIP minutes through hacked PBX systems back in 2005.
Last year we reported about authorities dismantling an international phone fraud ring, which operated call centers in Italy and routed calls through hacked PBX systems. The bills were estimated at $55 million.
Oquendo has built a honeypot-like system, which he dubs Arkeos and works with the Asterisk Open Source PBX software.
The application tricks attackers into thinking that they gained access to an account and then monitors their activity; what tools they use, what numbers the try to dial and even the content of the calls they are making.
The blacklist currently contains offending IP addresses and netblocks collected through Arkeos, which runs on between 20 and 30 Internet-facing PBX systems.
However, the VoIP Abuse Project also accepts submissions of similar attack data from people who want to contribute.