How To Get Money Fast Using A Pwned PBX - Patrick McNeil / unregistered436

Many people who deploy SIP for voice or video don't understand the potential security risks. As a result, there are lots of vulnerable SIP devices connected to the Internet that are easily compromised due to misconfiguration or lack of simple protections. This is fairly common knowledge within the security community, but what most don't realize is that you can do more than just make free phone calls - like get rich quick! In this talk I'll discuss...
How SIP compromises occur and who the primary actors are:
How did we get here? Why so many vulnerable devices?
Common discovery and attack methodologies & the weaknesses exploited
The most common attack tools used, backed up by real world data
Where most attackers are coming from, again with real data

After a system has been compromised: Top ways to make money - how and why they actually work:
International Revenue Sharing Fraud - calling a high-cost destination and splitting the profits
Toll Bypass - using a PBX local trunk to bypass high per-minute rates
Domestic Traffic Pumping - driving traffic to a rural telco to increase payment from the inter-exchange carrier
Extortion using a Telephony Denial of Service attack - a quickly rising trend where phone lines are tied up if demands are not met
Time permitting, other top fraud that doesn't require a PBX - Wangiri & SMS spam - missed call or text message to a mobile, return call to a high-cost destination with profit splitting