FBI Vaguely Warns of Asterisk Vishing Vulnerability
coondoggie writes in to let us know about a fraud alert issued by the FBI's Internet Crime Complaint Center, warning that an unspecified bug in unspecified versions of Asterisk IP PBX software could allow criminals to generate "thousands of vishing telephone calls to consumers within one hour." PC World checked with Digium, developer of Asterisk, and found some puzzlement as to what bug the FBI had in mind. "In March, researchers at Mu Security reported a bug that could allow an attacker to take control of an Asterisk system. Digium wasn't certain what vulnerability the FBI was referencing in its advisory. However, John Todd, the company's Asterisk open-source community director, believes that it was probably this March bug. That vulnerability 'basically allowed you to take over the account of one individual,' he said. ... However, the attack described by the FBI would be extremely hard to pull off, Todd said."
Update: 12/09 02:54 GMT by KD: Digium has put out a statement on the IC3 warning (further details), confirming that what the FBI had in mind was an old bug and difficult in the extreme to exploit.
Sigh.
It's $300k before the FBI gets involved. The OP is an idiot, and should have contacted his local police or state bureau of investigation. Believe it or not, not everything is a federal problem. You wouldn't call the FBI if your car was vandalized, or if your neighbors were fighting really loud, so why would you call them for this?
If the local people get enough calls about it, they'll route it to the FBI when it gets over $300k.
Maybe not