From: Bob Downey (1/3/94) To: Dave_Martin.LLIX@smtpqm.llnl.GO, Doug_Coffland.LLIX@smtpqm.llnl., CC: ciac@llnl.GOV Mail*Link¨ SMTP ASSIST 93-36 >To: assist-bulletin@assist.ims.disa.mil >Subject: ASSIST 93-36 >Date: Thu, 23 Dec 93 14:54:30 -0500 >From: Pete Hammes > > ><<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> > Automated Systems Security Incident Support Team > _____ > ___ ___ _____ ___ _____ | / > /\ / \ / \ | / \ | | / Integritas > / \ \___ \___ | \___ | | < et > /____\ \ \ | \ | | \ Celeritas > / \ \___/ \___/ __|__ \___/ | |_____ ><<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> > Bulletin 93-36 > > Release date: 23 December 1993, 2:55 PM EST > >Subject: PBX Fraud Christmas Alert. > >SUMMARY: Telephone company statistics show that PBX fraud activity >rises significantly during the Christmas holiday season. > >BACKGROUND: The International Information Integrity Institute (I-4) >has received reports of recent PBX fraud activity. Historical data >on this subject shows that the dollar amount of PBX fraud incidents >rises during the holiday season when phone system use is at peak >levels. Persons who have gained unauthorized access to a PBX will >sometimes wait to exploit the resource during this period when >demand is high, and much of the PBX owner's work force is on >holiday leave. Intercepted passwords and PINs are rapidly >communicated through the PBX fraud community, and there are >documented cases in which unauthorized charges of over $100,000 >have been in just a few days. > >IMPACT: PBX owners can be held liable for significant dollar >amounts of PBX toll fraud charges. > >RECOMMENDED SOLUTION: Listed below are tips for detering PBX fraud. > >* Ask your telephone security people to scrutinize any suspicious > activity. > >* Check with your vendor to see if you have Direct Inward Service > Arrangement (DISA) or computer controlled support systems for your > PBX. These computer controlled support systems are subject to > possible manipulation by unauthorized users. > >* If you have a DISA PBX, find out what the password management > policy is for the system, and recommend a password change before > the holidays. > >* Ensure that the system is being monitored for suspicious activity > during the holiday period. > >* Consider disconnecting the DISA if suspicious activity is > detected. > >* Obtain the National Institute of Standards and Technology (NIST) > PBX security document, "Private Branch Exchange (PBX) Security > Guideline", NIST Government Contractor Report, NIST/GCR 93-635, > September 7,1993. NIST POC for this matter is Marianne Swanson, > 301-975-3359. > >ASSIST is an element of the Defense Information Systems Agency >(DISA), Center for Information Systems Security (CISS), that provides >service to the entire DoD community. If you have any questions >about ASSIST or computer security issues, contact ASSIST using one of >the methods listed below. If you would like to be included in the >distribution list for these bulletins, send your Milnet (Internet) >e-mail address to assist-request@assist.ims.disa.mil. Back issues >of ASSIST bulletins are available on the ASSIST bbs (see below), >and through anonymous ftp from assist.ims.disa.mil. > >ASSIST contact information: >PHONE: 703-756-7974, DSN 289, duty hours are 06:30 to 17:00 Monday > through Friday. During off duty hours, weekends, and holidays, > ASSIST can be reached via pager at 800-SKY-PAGE (800-759-7243) PIN > 2133937. Your page will be answered within 30 minutes, however if a > quicker response is required, prefix your phone number with "999" >ELECTRONIC MAIL: assist@assist.ims.disa.mil. >ASSIST BBS: 703-756-7993/4, DSN 289, leave a message for the "sysop". > >Privacy Enhanced Mail (PEM): ASSIST uses PEM, a public key > encryption tool, to digitally sign all bulletins that are > distributed through e-mail. The section of seemingly random > characters between the "BEGIN PRIVACY-ENHANCED MESSAGE" and "BEGIN > ASSIST BULLETIN" contains machine-readable digital signature > information generated by PEM, not corrupted data. PEM software for > UNIX systems is available from Trusted Information Systems (TIS) at > no cost, and can be obtained via anonymous FTP from ftp.tis.com > (IP 192.94.214.100). Note: The TIS software is just one of several > implementations of PEM currently available and additional versions > are likely to be offered from other sources in the near future. >-----END PRIVACY-ENHANCED MESSAGE----- > > Sandy Sparks, ssparks@llnl.gov ------------------ RFC822 Header Follows ------------------ Received: by smtpqm.llnl.gov with SMTP;27 Dec 1993 08:39:28 -0800 Received: by pierce.llnl.gov (4.1/LLNL-1.18/llnl.gov-05.92) #254#id AA19586; Mon, 27 Dec 93 08:39:57 PST Return-Path: Received: from aisa.llnl.gov by pierce.llnl.gov (4.1/LLNL-1.18/llnl.gov-05.92) #254#id AA19576; Mon, 27 Dec 93 08:39:54 PST Received: by aisa.llnl.gov (5.65/DEC-Ultrix/4.3) #254#id AA19377; Mon, 27 Dec 1993 08:38:36 -0800 Message-Id: <9312271638.AA19377@aisa.llnl.gov> Date: Mon, 27 Dec 1993 08:38:36 -0800 To: downey1@llnl.gov From: ssparks@llnl.gov (Sandy Sparks) X-Sender: 843468@aisa.llnl.gov Subject: ASSIST 93-36 Cc: ciac@llnl.gov #000# ------------------ RFC822 Header Follows ------------------ Received: by smtpqm.llnl.gov with SMTP;3 Jan 1994 09:22:12 -0800 Return-path: bob_downey@smtpqm.llnl.GOV Received: from icdc.llnl.gov by icdc.llnl.gov (PMDF #3384 ) id <01H78OKUF8RK96W2AP@icdc.llnl.gov>; Mon, 3 Jan 1994 09:21:15 PST Received: from pierce.llnl.gov by icdc.llnl.gov (PMDF #3384 ) id <01H78OKC0CY896W2AO@icdc.llnl.gov>; Mon, 3 Jan 1994 09:20:53 PST Received: by pierce.llnl.gov (4.1/LLNL-1.18/llnl.gov-05.92) id AA00191; Mon, 3 Jan 94 09:21:55 PST Received: from cheetah.llnl.gov by pierce.llnl.gov (4.1/LLNL-1.18/llnl.gov-05.92) id AA00172; Mon, 3 Jan 94 09:21:49 PST Received: from pierce.llnl.gov (pierce.llnl.gov [128.115.18.253]) by cheetah.llnl.gov (8.6.4/8.6.4) with SMTP id JAA23875 for ; Mon, 3 Jan 1994 09:20:36 -0800 Received: by pierce.llnl.gov (4.1/LLNL-1.18/llnl.gov-05.92) id AA00169; Mon, 3 Jan 94 09:21:46 PST Received: from smtpqm.llnl.gov (mckinley.llnl.gov) by pierce.llnl.gov (4.1/LLNL-1.18/llnl.gov-05.92) id AA00159; Mon, 3 Jan 94 09:21:43 PST Date: 03 Jan 1994 09:20:14 -0800 From: Bob Downey Subject: ASSIST 93-36 Resent-to: BILL_ORVIS@QUICKMAIL.llnl.GOV To: Dave_Martin.LLIX@smtpqm.llnl.GOV, Doug_Coffland.LLIX@smtpqm.llnl.GOV Cc: ciac@llnl.GOV Resent-message-id: <01H78OKUHDXE96W2AP@icdc.llnl.gov> Message-id: <9401031721.AA00159@pierce.llnl.gov> X-Envelope-to: BILL_ORVIS@QUICKMAIL.llnl.gov X-VMS-To: IN%"Dave_Martin.LLIX@smtpqm.llnl.GOV", IN%"Doug_Coffland.LLIX@smtpqm.llnl.GOV" X-VMS-Cc: IN%"ciac@llnl.GOV" Content-transfer-encoding: 7BIT ======================================================================