Join Us!
We will contact you shortly

PBX Hacking

PBX Hacking Prevention.
Protect from Fraud with AB Handshake.

What is PBX hacking?

PBX hacking isn't the most well-known type of telecom fraud, but it is actually one of the most common and significant fraud risks for telcos. A PBX, or Private Branch Exchange, is a private telephone network within an organization that connects the business to an external network, allowing users to share outside lines and reducing the number of lines needed. PBXs have been popular for decades but like most technologies, they have evolved over time. Although traditional PBXs on TDM lines are still common, many PBX systems today are IP-based.

Whether they are IP or circuit based, PBXs are a prime target for voice fraud. They are thought to be an easy target, primarily because users are often unaware of the threat that PBX hacking poses and fail to implement even basic fraud protection. For example, switch vendors use default passwords that are available online and in user manuals. If PBX users do not change the passwords upon installation and configuration, hackers can easily get into their system.

The impact of PBX hacking

PBX hacking is a major fraud risk to telcos and leads to enormous revenue loss. The Communications Fraud Control Association (CFCA) ranks it as one of the five top telecom hacking methods, and one of the top five emerging fraud risks to the telecom industry. According to the CFCA, PBX hacking fraud loss totaled $3.64 billion USD in 2019.

PBX hacking is costly because every service provider in the chain that carries a call to has a legal obligation to pay interconnect fees to the downstream network, even in obviously fraudulent calls. In the past, telcos often saddled the customer with the charges, but consumers have made the case that they do not have the expertise to eliminate increasingly sophisticated telecom fraud. Regulators have accepted the claim that consumers would not sign a service contract if they understood the risk of PBX frauds and their unlimited liability. Therefore, the onus of providing fraud protection falls increasingly on the telephone service providers.

With so many different attack vectors, traditional fraud prevention systems that rely on sampling and pattern analysis have not been very effective in combatting PBX hacking. For example, they cannot distinguish between legitimate peaks in calls to PRNs, due to advertising campaigns and events, and peaks caused by fraud. By the time a fraud is discovered, the evidence of PBX hacking has often been destroyed by natural log cycles in order to save storage space. Even if the evidence is still accessible, the costs have already been incurred. There exist two main scenarios with PBX hacking: pumping of generated traffic through the victim PBX and pumping of natural traffic through the victim PBX.

1. Artificial Inflation of Traffic (Generated traffic ) via Hacked PBX
A hacked PBX may be used by a fraudster to inflate an international revenue share fraud (IRSF) scenario involving artificial inflation and short-stopping of traffic as shown in Figure 1.
Picture 1 – Artificial Inflation of Traffic via Hacked PBX

In this case fraudster generates the traffic through the victim PBX. Generated traffic never reach real B-numbers end users. The fraudster short stops the traffic in the cloud of international carriers thus trying to route the payment flow from victim service provider to unethical carrier it cooperates with.

2. Fraudulent Routing of Traffic via Hacked PBX
A hacked PBX may be used by a fraudulent international transit carrier to illegitimately route legitimate traffic, as shown in Figure 2. Note that in this scenario the real phone calls from end users of originating service provider are routed through the compromised PBX, then reaching real end users. This kind of attack is very difficult to detect because it has natural origin.
Picture 2 – Fraudulent Routing of Traffic via Hacked PBX
From the terminating service provider point of view the traffic it terminates is fully legitimate because its end users receive calls, they talk. So the victim service provider will inevitably pay for this traffic.

The only way to effectively combat PBX hacking and prevent the enormous loss of revenue is to detect the PBX hacking as it happens. The only system that has the capability to do so is AB Handshake.

A community approach to fraud prevention

In the past, PBX hacking pitted telcos against one another, with each company in the chain trying to pin costs on the other. There was no incentive for telcos to cooperate to fight fraud. AB Handshake has changed the dynamic and turned fraud protection on its head by creating a community of businesses that use a common ‘handshake’ to validate each and every call from both ends. The originating operator sends a verification request directly to the terminating operator, and the terminating switch sends the call details to the terminating call registry. If the call is not verified at all points, it is automatically identified as fraudulent in real time and blocked before costs are incurred.

There is no way for PBX hackers to circumvent the AB Handshake – it efficiently detects both types of PBX hack described above. AB Handshake works with all types of networks including both IP and TDM PBXs, eliminating the threat of PBX hacking altogether for companies that have joined the network. As more companies join the AB community, telcos will essentially become “immune” to all types of telecom fraud.

Learn about other fraud types we protect from:

Request call flow diagram
Download White Paper
We will send it directly to your email