For anyone who hasn’t seen the movie WarGames, you may not know what war dialing is. Some of you might know about war dialing, but wrongly assume that it’s an outdated hacking method that doesn’t even work nowadays. Either way, I encourage you to check out this information-packed article on war dialing and how it can affect network and computer security even today. The truth is, war dialing is still a threat. The nature of the threat has just changed a little.
Aspiring IT security experts should be well-versed in war dialing. It’s an old technique, some may even say ancient. But it still happens today, and with the rise in Voice over IP telephone systems (VOIP systems), war dialing may even be making a big comeback.
In the late ’80s and throughout most of the ’90s, war dialing was a constant threat to IT systems worldwide. The Internet was still in its infancy, and computer security concepts were even younger. War dialers of the day would exploit company telephone and private branch exchange (PBX) systems, breaking inside the organization to steal data or map the internal networks. These early attacks and the attackers themselves utilized war dialing tools such as THC Scan.
THC Scan was an old-school DOS program, that allowed attackers a fair degree of automation. With this tool, attackers could automatically dial telephone numbers from a predetermined range or from a list of specific telephone numbers. THC Scan was also able to detect voice message systems or answering machines. Often, attackers would pair THC Scan with another tool, THC Login Hacker. Both tools in tandem allowed an attacker to war dial a set of telephone numbers and then try to brute force or password guess the modem, voice mail, and PBX passwords that had been set. Often, these passwords were extremely short and easy to guess. Many times the passwords had not been changed from their default manufacturer set values.
As time went on, and the field of computer security began to mature, the rate of war dialing attacks began to drop. It’s now considered a legacy method of hacking, and is pretty rare to see security professionals discuss it. Mostly, war dialing has been forgotten. But it shouldn’t be, because it’s still a very dangerous method of attacking computer systems. Why?
Because, even after almost 30 years, war dialing is still pretty effective. And with more people now working from home and connecting to the internet for work, this type of attack, well, still works.
Remember, a war dialing program can be set to systematically dial thousands of telephone numbers. These programs will dial again and again, searching for modems or other telephony systems that answer.
New War Dialing Tools
With the rise in Voice Over IP (VOIP) telephone systems, war dialing has made a come back. There are a host of new tools attackers are using to continue their assault against computer networks. Security professionals need to be aware of these new war dialing methods. Penetration tests (both black, white, and grey box) should include war dialing as a part of the security audit or vulnerability assessment. If your network has any sort of security hole or vulnerability through a networked telephone system, you want to find out about it before the bad guys do.
Remember, war dialing isn’t just about hacking modems anymore (even though that’s still a part of it). Nowadays, war dialing is about hacking VOIP systems. VOIP systems are just telephone systems that are hooked up to the Internet and not a dedicated phone line. That means, the computers, servers, and wireless access points will often share the same ethernet cables that the telephones do.
Windows War Dialing Tools
Telesweep is a free modem vulnerability scanner that you can grab from the SecureLogix website. Telesweep is like an updated version of THC Scan, but with more features and updated methods of attacking VOIP systems.
SecureLogix offers TeleSweep as a free download. Security professionals can configure it to to dial corporate telephone numbers and report the number of modems connected to these lines. Modem connections are often weakly configured, or left at their default settings. These modem connections are often a forgotten (and dangerous) backdoor to the inside of your LAN. Malicious hackers and other outside intruders may use tools such as Telesweep to gain unauthorized access into your network.
VOIP War Dialing
VOIP telephone systems are all the vogue now. However, the newest technologies often aren’t the most secure. Security can lag new technology. VOIP allows telephones and computers may share the same physical network cables, switches, and firewalls. It is a breakthrough in cost-savings and ease of use. Now, companies don’t need dedicated phone lines. They can simply route all the voice and data through the same hardware. However, because of this, hackers are reviving war dialing and are developing new tools to war dial more effectively than ever.
Warvox War Dialing Software
WarVOX is a war dialing program for Windows. It is a suite of tools for exploring, classifying, and auditing telephone systems. Unlike normal war dialing tools, WarVOX does not use a modem directly, and can instead be run directly from Windows. Because of this, WarVOX can discover a large range of interesting voice lines, including modems, faxe machines, voice mail boxes, PBXs, and VOIP systems.
War Dialing Prevention
It’s not enough to just know of war dialing. IT security professionals need to know how to safeguard and protect against war dialing attacks. Luckily, there are a lot of war dialing countermeasures you can implement to prevent against this sort of attack.
Let’s start with the basic prevention methods:
1. Change all default passwords for any VOIP, PBX, voice mail, backup modem, or fax machines you may have connected to your network. This step is crucial, and it should be the first one that you take when securing VOIP and other telephone systems. Most modems and VOIP systems have default passwords already set. Make sure you change them, and make sure they are long and difficult to guess. Ask yourself, would my password appear in a hacker’s dictionary file? Would it be simple enough to guess or brute force? If so, change the password to something more difficult.
2. Check for updates and apply security patches as soon as possible. Make a list of all your VOIP, modem, fax, and other telephony hardware. Check the manufacture websites for updates, and you’re on your way to a more secure network.
3. Conduct a manual reconnaissance of your network. You should regularly scan your own network for modems and telephone systems. Perform war dialing against your own external telephone numbers, anything that could potentially dial into your own network. Be proactive! Make a baseline of every device you find and keep track of it. Often times, employees will bring in their own modems and connect them to the company network so they can bypass web filtering. Watch for this!
4. Log all successful and failed login attempts. Modern modems and VOIP systems should allow you to monitor logins. Make sure you enable this feature and store the logs on a central log management system with something like Kiwi or Splunk.
5. Use VLANs to segment voice and data. You’ll need to be using web managed switches and fairly new firewalls to implement this feature, but it’s by far one of the most secure and comprehensive ways to prevent war dialing attacks from infiltrating your network. Using VLANs, you can logically separate your voice communications from your data communications, while still allowing both to run on the same network cables and hardware. With proper VLANing, even if an attacker war dials into your phone systems, the attacker won’t be able to see your data nodes (such as servers and desktops.)
6. Lastly, you can take a look at the Sand Trap tool. Sand Trap can be configured to monitor for any war dial attempts and even answer those dials. Sand Trap can log the caller ID and provide a login banner and password prompt for the dialer. This is an awesome tool that can act as a barrier between a war dialer and a telephone or modem system. However, it won’t work with every telephone device out there, so check it out before committing to it.