After-hours IT: A phone hack exposed

Burglars? Ghosts? A tech team can't figure out who's behind phantom overseas calls following seemingly perfect VoIP install

IT pros, take heed: No matter how perfect your installation may seem, there's always a lurking security hole you didn't anticipate, as I learned during an otherwise pristine VoIP implementation.

I work for a midsize business that has many remote locations, each employing several salesmen. Most of them are in their mid-fifties or older, so they use email grudgingly. But both they and most of their customers prefer a phone call rather than the impersonal email, so weaning the sales staff from landlines is not likely to happen soon. Phone bills were high, and the managers wanted us to find a cheaper solution.

[ The IT job landscape changes quickly. Here's how to avoid being one of these 9 most endangered species in IT. | Follow InfoWorld's Off the Record on Twitter for tech's war stories, career takes, and off-the-wall news. | Subscribe to the Off the Record newsletter for your weekly dose of workplace shenanigans. ]

Off the Record submissions

We started with one location, did our research, found a vendor, and were ready to make the leap from copper POTS lines to VoIP. The initial tests showed a much clearer voice transmission, since our warehouse was in a historic part of town, where the copper trunk lines and junction boxes were very, very old. (I swear I saw one with the initials A.G.B. inside!)

If all proceeded as planned, by using an Internet connection we could peel several channels off for voice while also beefing up our Internet speed. We could easily save hundreds of dollars a month, with the potential for more if we added other locations to the network.

Day one: We arrived at the offsite location and began unpacking new handsets and installing them. These handsets worked off the same CAT5 cable that connected to the desktop computers.

We had been fortunate to purchase VLAN-capable switches when we recabled the building a year before, not realizing how soon we'd need the functionality. We had to run a few new CAT5 drops to supply a couple of desks that were used for truck drivers and the lunch room where no PC existed at the time, but that wasn't really a problem and was quickly remedied.

Lunchtime came and the rollover from copper was under way. There were the normal glitches that pop up anytime new handsets are deployed -- mostly due to people who don't like change -- but nothing major.

The rest of the afternoon was spent in minor instruction mode to acquaint the users with the various functions of the new devices. New recordings were made for busy lines, voicemail, out-of-office and after-hours rings. One phone was located in a common area that was to be open early in the morning with little supervision, so we made sure to have the vendor block long-distance calling on it.

The rollout seemed to progress well, and the end of day came. We were tired; we'd left our office at 4 a.m. to be at this office at 8 a.m. But we were satisfied, telling each other that things were going better than we had anticipated.

1 2 Page 1
Page 1 of 2