After-hours IT: A phone hack exposed
<snip>
I work for a midsize business that has many remote locations, each employing several salesmen. Most of them are in their mid-fifties or older, so they use email grudgingly. But both they and most of their customers prefer a phone call rather than the impersonal email, so weaning the sales staff from landlines is not likely to happen soon. Phone bills were high, and the managers wanted us to find a cheaper solution.
<snip>
The next day at 8 a.m., we were back at the offsite location, ready to test everything once more before returning to the home office. At 8:15 a.m., we got a call from the vendor inquiring if we'd had a break-in the previous evening, occurring just after 5 p.m. We were quite sure we hadn't since we'd been standing outside the door talking until 5:15.
He explained that shortly after the system went to night ring, there were 19 calls of 10 seconds or less placed to a number in Africa. Each call was charged at several hundred dollars. Fortunately, the vendor's tech staff were online, noticed the call log, and immediately disabled international calling from that location.
<snip>
It turned out one of the vendor's former employees had stolen and cloned the credentials for one of the phones given to us. Though he was no longer employed by the company, he apparently still had access to monitor the phones, which he used to watch for the same media access control ID to be deployed.
<snip>
http://www.infoworld.com/t/it-jobs/after-hours-it-phone-hack-exposed-199516
This is pretty interesting and worth reading from start to finish. There are some bad people in the world.