What is PBX hacking?
PBX hacking isn't the most well-known type of telecom fraud, but it is actually one of the most common and significant fraud risks for telcos. A PBX, or Private Branch Exchange, is a private telephone network within an organization that connects the business to an external network, allowing users to share outside lines and reducing the number of lines needed. PBXs have been popular for decades but like most technologies, they have evolved over time. Although traditional PBXs on TDM lines are still common, many PBX systems today are IP-based.
Whether they are IP or circuit based, PBXs are a prime target for voice fraud. They are thought to be an easy target, primarily because users are often unaware of the threat that PBX hacking poses and fail to implement even basic fraud protection. For example, switch vendors use default passwords that are available online and in user manuals. If PBX users do not change the passwords upon installation and configuration, hackers can easily get into their system.
The impact of PBX hacking
PBX hacking is a major fraud risk to telcos and leads to enormous revenue loss. The Communications Fraud Control Association (CFCA) ranks it as one of the five top telecom hacking methods, and one of the top five emerging fraud risks to the telecom industry. According to the CFCA, PBX hacking fraud loss totaled $3.64 billion USD in 2019.
PBX hacking is costly because every service provider in the chain that carries a call to has a legal obligation to pay interconnect fees to the downstream network, even in obviously fraudulent calls. In the past, telcos often saddled the customer with the charges, but consumers have made the case that they do not have the expertise to eliminate increasingly sophisticated telecom fraud. Regulators have accepted the claim that consumers would not sign a service contract if they understood the risk of PBX frauds and their unlimited liability. Therefore, the onus of providing fraud protection falls increasingly on the telephone service providers.
With so many different attack vectors, traditional fraud prevention systems that rely on sampling and pattern analysis have not been very effective in combatting PBX hacking. For example, they cannot distinguish between legitimate peaks in calls to PRNs, due to advertising campaigns and events, and peaks caused by fraud. By the time a fraud is discovered, the evidence of PBX hacking has often been destroyed by natural log cycles in order to save storage space. Even if the evidence is still accessible, the costs have already been incurred. There exist two main scenarios with PBX hacking: pumping of generated traffic through the victim PBX and pumping of natural traffic through the victim PBX.
1. Artificial Inflation of Traffic (Generated traffic ) via Hacked PBX
A hacked PBX may be used by a fraudster to inflate an international revenue share fraud (IRSF) scenario involving artificial inflation and short-stopping of traffic as shown in Figure 1.