IT Baseline Protection Manual - The Information Warfare Site

Threats Catalogue Deliberate Acts Remarks
____________________________________________________________________ .........................................
T 5.14 Call charges fraud
Numerous reports of call charges fraud by hackers concerning PBX systems
have recently been reported in the press. Such manipulations can be carried
out in various ways. On the one hand. it may be that existing features of a
PBX system can be abused for this purpose. For example, call redirections or
dial-in options which can be remotely programmed are suitable for this. On
the other hand, rights can be granted in such a way that incoming "exchange
lines" occupy outgoing "exchange lines". As a result, when a certain number is
dialled from outside, the caller can be directly connected with the "exchange".
However, this takes place at the expense of the PBX system provider.
Another type of call-charges fraud can be caused by the user himself. By
various means, e.g. making telephone calls from other people's telephone sets,
reading out other people's identifiers (passwords) or modifying personal
privileges, an attempt can be made to make calls at the expense of the
employer or of other staff members.
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000