An important reminder to set up a password on the Message Manager's mailbox (ext. 998) when you install a Panasonic voicemail (or any other for that matter).

I showed up at our office on Monday AM and noted that our VM system was constanting dialing out a few times a minute. Being a geek, I whipped out my laptop, logged onto our voicemail system and noted that, indeed, it was dialing three international numbers 2-3 times a minute! I found a rouge mailbox had been created, then setup with autoforwarding of messages to three international numbers. I killed the mailbox and the dialing stopped. A short time later, one of our staff had one of his office voicmails forwarded to his cell phone, as it should. Weird thing was that one of the prompts had been hacked. Some very foriegn sound guy left a long message that would be heard if the voicemail system attempted to deliver a message to a remote number. Really weird. Turns out the international numbers were in Manila.

All of this was made possible by dialing into the Message Manager's mailbox from a standard remote touchtone phone. This guy/gal really new what they were doing. It's hard enough to program these things using Hyperterminal, can only imagine using touchtones. Good news is that only 2 of the hundreds of attempts were answered. Called SBC and got out of extra charges. They noted that most companies don't figure this out until they get their next bill with a few grand of international tolls.

see if you can get the call history (coming in) and try and narrow down when it happened and do reverse lookup on the number. I hope it is in this country. It really would be weird that someone, out of this country, could make this one call and hack your VM system.

Panasonic has issued a warning about that problem. It is a good idea to change the password frequently and warn your customers about this potential problem, Verizon still holds the customer responsible for the charges

This exact thing happened to us on our TVS-50 about 3 weeks ago. The hacker has been nicknamed the "The Sniper" by Panasonic and/or the FBI. He also got in via the message managers mailbox.

I happened to be in the office when he was recording a new message late one night. I cut into the line using "executive busy overide" and heard him rapidly programming the system on that call. He is an EXPERT and rips through the prompts and menus to do his work.

Ours was calling the same Manila phone numbers probably. His message was quite funny. He sang a cheesy love song in broken english and then proceeded to talk Philipino for the rest of the message.

He also changed prompt 690(I think) which plays on remote message delivery.

Are you a CEDIA member company listed on their website? I think he dials those numbers and has a high probability of getting a Panasonic voicemail system.

We still get "Out of Area" calls and then hangups when we answer. I think they are looking for the voicemail prompt.

and I thought only women used rouge....

does that make the mailbox look approximately like an old barn in color? Or, for you in Canada, England and Oz, colour?


Ah, another wonderful benefit of being a CEDIA member!

You mean we should have mailbox 998 and 999 password protected so someone can't take complete control of our voice mail systems? Say it aint so! Next thing you know you're going to be telling me I should have my network protected so anyone from the outside can't take control of it. But thank God I can still leave my doors unlocked when I leave home. I can still do that, can't I?

p.s. Should I password protect my customers voice mail systems too?

p.p.s. It is OK if when a customer gives us a key I make copies of of it for all of my employees though, right? Including recently terminated ones?

You must password 999 and 998. 999 has administrative rights over 998.

George, EXACTLY the same thing. Changed prompt #690, weird Philipino message was recorded in its place. We did look at the log and traced the numbers to Manila. What I don't get is how he's profitting from this. Only 2 calls out of hundreds were completed (he hit us over a weekend). He set up Class Of Service to allow remote call forwarding (so he could complete calls on our dime) yet seemed to simply be forwarding messages to remote numbers. The only way someone hears #690 is if the VM calls a remote number that has VM and no one answers the call. The remote VM owner will hear #690, which normally offers to put the call on hold. Yes, we are a CEDIA member and we're on their website. VERY interesting.

ROGUE. 2,700 posts?! Do you actually do work? Or just post snide spelling corrections?

I feel like I've walked into an unfamiliar watering hole and am getting sh*t from the regular drunk at the end of the bar when I try to order a Miller when they only tap Bud. Just an observation, but lame posts like the above help explain why this site has so few regular contributors.

It's in fun. Yes it was sarcastic but if you expect to come on and admit that you are in the business and don't even have your own voice mail system password protected, don't expect not to have your balls busted. It's the equivalent of an IT pro going on an IT site and saying "hey guys, I didn't have a password on my computer and someone logged on to it when I wasn't looking and read my personal E-mail so make sure to password your PC".

And you're welcome for informing you that protecting mailbox 998 won't do a damn thing. That might have given you a clue we are here to help even if we have some fun in the process.

And the site has a lot of excellent regular contributors. Maybe if you particpate you'll discover that and you won't take a little ball busting so seriously. Hell, you couldn't even handle a harmless joke from Ernie. And ya, it's easy to have 2700 posts and have a life. He has passwords on his stuff so it gives him extra time to not have to deal with people taking over his systems. Thanks for your concern for Ernie though.

This message was edited by QQQ on 02/19/05 11:41 ET.

Exactly who voted you "Ball Buster" and Ernie "Spell Checker"? Does this come free with 1000 posts? Yeah, in hindsight it was really stupid to not have PW's on 998 & 999 (knew about 999, omitted this from post), but how constructive is it to play MMQB and point out the obvious? This is "fun" to you?


Yes, this is often a good source for info, but there's no way there's more than 50 regulars in this forum. Considering how few outlets there are for discussion and how big our industry is becoming participation here should be much stronger.


So, I call you & Ernie out on the tone of your"contributions" and I'm the one with the problem? Fixing our issue took 15 minutes. Can you imagine how much time you guys have spent posting AND replying here? And what percentage of that time was spent making useless comments like you have here? I just read a reply from Ernie a few posts down from this one where he laments someone's use of "betcha" instead of "bet you." He couldn't find anything more productive to do at that moment than to post that?!

HEY! Don't diss my partner in life Ernie. I should have known when you admitted you didn't passcode your TVS50 that you were a gay basher too.

This message was edited by QQQ on 02/19/05 15:09 ET.

Tnova,

COuld have been worse, a client could have sued you....and won.

Assuming the client manages the system once it's installed, they'd be responsible for maintaining their own passwords. Those that don't, yes, you'd at least be ethically culpable to the extent they incurred $$ losses. Establishing your legal liability is another matter. If they don't have a valid service agreement with you I don't know that this would be an easy case.