As a practical matter, on anything that can generate endless billings, there should be a dumb trap that compares current usage to history (last month) and if usage exceeds 2/1 or 3/1 for instance then usage is choked or denied enough to cause the user to complain or perhaps generate a message to call customer support, (or call your cell phone!)
Then if it is valid, raise last month's reference enough to let current calling continue. If it isn't valid you have found a problem and saved your or your customer's caboose. As to who to complain to, gather all info possible and report to everyone you can find. Someone may investigate, but there isn't likely anyone who will absolve the problem. Some will just take the report and ... as far as you are concerned, do nothing. There isn't much a local police dept. can do about a hacker in Western Slobovia cracking your server. Generally the FBI doesn't take matters of less than $10,000. But it sounds like you may meet that test. But they could take months or years or never finding the culprit and finding the culprit will likely net you nothing financial for you will be 1/10,000 of the fraud they did. This is a problem like spam in email. But this has cash costs to the server operator/customer. Passwords need to be un-crack-able, and there should be usage alarms, as described above. Depending on the situation even a single counter to your upstream billable sip server for all usage would likely trip on excessive usage and save your bacon. Cary Fitch -----Original Message----- From: asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Jeff LaCoursiere Sent: Thursday, October 14, 2010 8:11 PM To: asterisk-users@lists.digium.com Subject: [asterisk-users] fraud advice Hi, Embarrassed as I am to write this, I am hoping for some advice. One of our very first PBX installs, now six years old, was "taken advantage of" over the past few weeks. A victim of sipvicious, I assume, that managed to guess one of the SIP passwords. 4000 calls to various middle eastern destinations have been placed, which ended up being sent over our customer's PSTN trunk, and of course there was no warning until the bill came today. Unfortunately the bill only covered the first few days of this fiasco, and was only $700. I am afraid the one that is on the way will be tens of thousands. ONE CALL on the bill that just arrived was $200 (80 minutes to Sierra Leone). I'm sure this started out as a single scan. It must have been posted, because I have at least ten IP addresses now that were placing calls via the same peer. They are from all over the world. So what is the accepted procedure? I'm in the US Virgin Islands, so do I go to the FBI? Police? Is their some telecom fraud body to report such things to? Does any one ever get any relief from such events? I'm basically sick to my stomach right now. j -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users