Unoffical empeg BBS

Quick Links: Empeg FAQ | Software | RioCar.Org | Hijack | BigDisk Builder | jEmplode | emphatic
Repairs: Repairs | Addons: Eutronix | Cases

Topic Options
#372316 - 29/09/2019 14:12 Voip.ms hacked -- massive overbillings happening
mlord
carpal tunnel

Registered: 29/08/2000
Posts: 14178
Loc: Canada
Some details here:

https://www.dslreports.com/forum/r32512300-Voip-ms-Hacked-Voip-ms-accounts

If you use voip.ms, then disable automatic creditcard billing, disable international calling, set very short maximum call durations, and change all passwords (again!).

They did send out a note back in May suggesting people change passwords, but they seem to have leaked them all again since then.

Anyone know of similar alternative services?

Top
#372317 - 29/09/2019 16:05 Re: Voip.ms hacked -- massive overbillings happening [Re: mlord]
tanstaafl.
carpal tunnel

Registered: 08/07/1999
Posts: 5420
Loc: Ajijic, Mexico
Are you sure that the problem lies with voip.ms? Just skimming through the posts on that link, it would appear that "dicodread" might be the only one experiencing a problem at this time, and when he states that his same account has been hacked several times in the past, even after changing passwords multiple times, it makes me wonder whether the problem might be his own security, and not the security of voip.ms.

My VOIP comes as part of a package deal with OOMA. We were one of their very first customers, and are grandfathered in forever at no charge. No problems whatsoever in the last eleven years or so.

tanstaafl.
_________________________
"There Ain't No Such Thing As A Free Lunch"

Top
#372318 - 29/09/2019 20:29 Re: Voip.ms hacked -- massive overbillings happening [Re: mlord]
mlord
carpal tunnel

Registered: 29/08/2000
Posts: 14178
Loc: Canada
No, there are quite a few people posting about it there, more since I originally posted as well.

And those are just the few people who know enough to even find that particular obscure forum.

It really appears that there's been a full hack of voip.ms exposing subaccount passwords. One person even posted (since moderated) details to that thread as to how to view account details for somebody other than oneself. Not sure if that method (or a similar method) can also be scripted to reveal passwords.

I'm likely to simply drop voip.ms altogether now -- Jane is the only one of us who ever really uses the "home phone" here, and she'll be gone in a few days.

Cheers

Top
#372320 - 30/09/2019 01:43 Re: Voip.ms hacked -- massive overbillings happening [Re: mlord]
K447
old hand

Registered: 29/05/2002
Posts: 735
Loc: Toronto, Ontario, Canada
I do use VOIP.MS
Multiple sub-accounts and phone numbers, for two different families in different houses.
Panasonic cordless handsets throughout each house, connected to ObiHai Obi202 ATA boxes.

I have not noticed any unusual billings, charges or call records. I looked back several months.

I will say that actual home telephone service is becoming less compelling as time marches on. The number of people (and the frequency) which I communicate with using genuine telephone calls keeps diminishing.

FaceTime audio calling, or Skype or whatever app, seems to now be the norm for my outgoing ‘calls’. And for many of the people who call me.

For longer duration ‘app calls’ I sometimes use a headset with my iPad or iPhone.

Top
#372321 - 30/09/2019 01:45 Re: Voip.ms hacked -- massive overbillings happening [Re: K447]
mlord
carpal tunnel

Registered: 29/08/2000
Posts: 14178
Loc: Canada
Me neither. Until last night: Balance now -$334.

Top
#372322 - 30/09/2019 01:53 Re: Voip.ms hacked -- massive overbillings happening [Re: mlord]
K447
old hand

Registered: 29/05/2002
Posts: 735
Loc: Toronto, Ontario, Canada
Which password(s) are suggested to change?
Primarily the VOIP.MS web portal login?
_________________________
Former owner of two RioCar Mark2a with lots of extra stuff

Top
#372323 - 30/09/2019 11:15 Re: Voip.ms hacked -- massive overbillings happening [Re: mlord]
mlord
carpal tunnel

Registered: 29/08/2000
Posts: 14178
Loc: Canada
The sub-account passwords: the ones used by the ATA. Whoever is hacking in doesn't seem to be accessing the main portal directly, so they don't seem to be changing settings (or passwords!). But somehow they are acquiring (sub-)account numbers and the corresponding SIP passwords.

But really, yeah, change ALL passwords, and disable their "API" thingie.


Top
#372324 - 30/09/2019 17:09 Re: Voip.ms hacked -- massive overbillings happening [Re: mlord]
mlord
carpal tunnel

Registered: 29/08/2000
Posts: 14178
Loc: Canada
Okay, after a 2-day outage, Voip.ms has reverted the fraudulent charges and my account there once again now shows a positive balance, and the ATA is able to register and place/receive calls again.

Still no mass notification to customers about the hack though, so tell everyone you know about it and get them to change all of the various passwords, disable international calling, and (for good measure) rename/delete/recreate sub-accounts.

Top
#372326 - 02/10/2019 03:46 Re: Voip.ms hacked -- massive overbillings happening [Re: mlord]
DWallach
carpal tunnel

Registered: 30/04/2000
Posts: 3737
Curiously, there have been no fraudulent charges on my voip.ms account. I just turned on their 2FA (time-based auth thing) feature, and it appears that my "API configuration" is disabled. I did change my password as well.

Top
#372327 - 02/10/2019 13:00 Re: Voip.ms hacked -- massive overbillings happening [Re: mlord]
mlord
carpal tunnel

Registered: 29/08/2000
Posts: 14178
Loc: Canada
All of the reports I have seen indicate that they exploit sub-accounts, and only those for which international calling is enabled: possibly only when enabled for the UK, as mine was.

When they hit an account, it is very abrupt, usually overnight Saturday to Sunday. They hit it hard and continuously (with calls) until Voip.ms belatedly disables the account with a negative balance in the hundreds of dollars.

Mine got re-enabled yesterday, with the fraudulent charges all reverted. So, good.

Cheers

Top
#372328 - 02/10/2019 23:46 Re: Voip.ms hacked -- massive overbillings happening [Re: mlord]
K447
old hand

Registered: 29/05/2002
Posts: 735
Loc: Toronto, Ontario, Canada
Originally Posted By: mlord
All of the reports I have seen indicate that they exploit sub-accounts, and only those for which international calling is enabled: possibly only when enabled for the UK, as mine was.

When they hit an account, it is very abrupt, usually overnight Saturday to Sunday. They hit it hard and continuously (with calls) until Voip.ms belatedly disables the account with a negative balance in the hundreds of dollars.

...
Where/what is the upside for the attacker?

Are they calling numbers that somehow generate revenue for the destination number(s)?

Top
#372329 - 03/10/2019 00:18 Re: Voip.ms hacked -- massive overbillings happening [Re: mlord]
mlord
carpal tunnel

Registered: 29/08/2000
Posts: 14178
Loc: Canada
That's my guess. They probably own some "premium numbers" and use the voip.ms account to repeatedly access them, effectively transfefring money to themselves from voip.ms in the process.

Top
#372330 - 03/10/2019 00:34 Re: Voip.ms hacked -- massive overbillings happening [Re: mlord]
K447
old hand

Registered: 29/05/2002
Posts: 735
Loc: Toronto, Ontario, Canada
Originally Posted By: mlord
That's my guess. They probably own some "premium numbers" and use the voip.ms account to repeatedly access them, effectively transfefring money to themselves from voip.ms in the process.
Do your VOIP CDR records show the destination phone numbers?

Top
#372331 - 03/10/2019 12:02 Re: Voip.ms hacked -- massive overbillings happening [Re: mlord]
mlord
carpal tunnel

Registered: 29/08/2000
Posts: 14178
Loc: Canada
Yes, there are a bunch of mostly UK Mobile numbers shown in there. nothing extraordinary on the rates though, $0.37/minute for the most part. So.. dunno what the exact objectives are there.

Top
#372332 - 03/10/2019 13:26 Re: Voip.ms hacked -- massive overbillings happening [Re: mlord]
Roger
carpal tunnel

Registered: 18/01/2000
Posts: 5628
Loc: London, UK
Originally Posted By: mlord
So.. dunno what the exact objectives are there.


Maybe they resell the stolen credit to someone who wants cheap overseas calls...?

As in: pay to use our VoIP service. It's cheap because we've piggy-backed on these stolen Voip.ms credentials.
_________________________
-- roger

Top
#372333 - 04/10/2019 00:18 Re: Voip.ms hacked -- massive overbillings happening [Re: Roger]
K447
old hand

Registered: 29/05/2002
Posts: 735
Loc: Toronto, Ontario, Canada
Originally Posted By: Roger
Originally Posted By: mlord
So.. dunno what the exact objectives are there.


Maybe they resell the stolen credit to someone who wants cheap overseas calls...?

As in: pay to use our VoIP service. It's cheap because we've piggy-backed on these stolen Voip.ms credentials.
Apparently part of the hack is to simultaneously initiate a large number of outbound calls. When those calls eventually hang up, the account is suddenly over drawn.

How to coordinate a bunch of cheapskates to all call their UK friends at the same instant?

Top
#372334 - 04/10/2019 01:12 Re: Voip.ms hacked -- massive overbillings happening [Re: mlord]
JBjorgen
carpal tunnel

Registered: 19/01/2002
Posts: 3545
Loc: Columbus, OH
perhaps it's placing scam calls like the old "Your Social Security is about to be suspended. If you would like to prevent this dial this number: ###-###-####."
_________________________
~ John

Top
#372335 - 04/10/2019 13:14 Re: Voip.ms hacked -- massive overbillings happening [Re: K447]
Roger
carpal tunnel

Registered: 18/01/2000
Posts: 5628
Loc: London, UK
Originally Posted By: K447
How to coordinate a bunch of cheapskates to all call their UK friends at the same instant?


Volume.
_________________________
-- roger

Top