Author: DrVoIP

Peter S. Buswell (aka DrVoIP) is a rare blend of C-level executive leadership and deep technical expertise in telecommunications and cloud infrastructure. With a career that began at AT&T in 1970, he has founded and led multiple industry-defining companies, including Dextr.Cloud—acquired by AWS Global Partner CloudHesive. Peter has held senior roles at firms like Exxon Enterprises, Intervoice/Brite, and Franklin Telecommunications, and has consistently driven innovation from traditional PBX to Amazon Connect cloud deployments. A hands-on architect with certifications from Cisco (CCNP/CCDP, UCCX/UCCE) and AWS (Solutions Architect, Developer, SysOps), he combines strategic vision with engineering precision. Known as DrVoIP, he continues to bridge the gap between enterprise goals and technical execution in today’s evolving cloud communications landscape.

Deploying VoIP in the Cloud or rolling your own “hosted PBX” – Part 1 Server Deployement

Posted on by DrVoIP
The entire subject of Virtualization and all things “cloud” has become something that even none technical people talk about.    You might say it has gone “viral” and captured the interest of geeks, business people, professional technology managers and entrepreneurs.   Personally, I never did get the whole fascination with hardware.  In my mind hardware was just something we had to put up with to get to play with the software.   When you stop and think about it, aside from the IT folks, nobody wants a Windows 2012 Server!  What they want is a Website,  a CRM package, a blog or a phone system.    Having to deal with hardware was always a chore and it always seemed to me that whatever we had was obsolete within a year or so.   The software could be upgraded, but the hardware had to be “refreshed” an expression that generally means, purchase new stuff!

Virtualization made hardware a bit more interesting.  Now we could at least run a half dozen servers on one huge hardware platform.   Back up and Restore became almost fun!  Now you start adding virtualized appliances like phone systems, gateways and firewalls to the mix and software professionals get almost giddy!     I think VMware has caused more new business creations than any other single “stimulus” package.  Now, even a guy working out of his garage could compete with the big guys!  Capital requirements were significantly reduced and new cloud based business could launch at the drop of a hat and the signing of a sales agreement!   Internet bandwidth, access, creativity and an Amazon account and you were in the revenue production business!
Unless you are in the business of refreshing hardware, why would you want to bother with any of that hardware stuff?   How long does it take your IT team to spin up a new server?   Even if you are a one man show and you can control everything without benefit of a working committee, it takes time to setup a server!   Some organizations take weeks to provision a new server!  Now if you happen to have an Amazon account, even your plain vanilla book buying Amazon account, you could spin up a new Linux or Microsoft Server in about 15 minutes!   With your “Amazon machine instance” you get a security group (read firewall) for your public IP address, a DNS name and a local network all in less time than it takes to unbox and rack a new hardware based solution.The Amazon portal lets you change the configuration of your instance on the fly.  This means you can increase disk size, RAM, change bandwidth and update your firewall without a screw driver!  Think about it, fully operational on net with pubic IP access in less than 15 minutes.

Now that 3CX, ShoreTel, Mitel  and so many others offer Gateways that are “virtual” machines, you could actually spin up a “hosted PBX” in just a few hours!   We though we would try it just for kicks!  Log into AWS spin up a new Windows Sever and deploy ShoreTel or 3CX completely virtualized, including SIP trunks, Border Controllers and Remote phones both Hard and Soft.    Should be hilarious!   (Thanks to winter storms back east, we just brought up a  169 users system, across three states and had the client fully operational in 12 hours from the emergency phone call to the DrVoIP hot line).   This first video clip just deals with provisioning the server.  In subsequent versions we will bring up an entire phone system and you can watch over our shoulders!

How to install the ShoreTel Virtual Switches!

Posted on by DrVoIP
Virtualization has significantly altered the options available for your choice of deployment models.  With the introduction of ShoreTel 14.2 you can completely virtualize your VoIP deployment right down to the Gateways!  If you have no Analog telephone device requirements or telephone company lines,  you can now eliminate those ShoreTel Orange boxes!  This is a significant advancement in the state of the art and one that will become increasingly more prevalent as we look for viable business continuity strategies.     The ShoreTel virtual switches come in a number of flavors:  Service appliance, phone switch and trunk switch.   The Virtual appliance is similar to the ShoreTel SA100/400 server and is essentially a free feature enhancement!  The ShoreTel Virtual Phone switch can also be used as the “spare” switch available for use by phones that need to register with a new switch when the ShoreGear switch they were using fails.  Again, no cost associated with this unless you leave them on that virtual switch for longer than the normal 45 day grace period.
The VoIP technology in general has become more complex demanding new skill sets from those who install them.   In addition to the telephony, network, firewall, SIP and Microsoft software applications that historically touch your ShoreTel deployment, you will now need to understand VMware ESXi deployments including the use of OVA files.   The ShoreTel Virtual switches are now distributed as a part of your HQ and DVM server images.  They live in the FTP server and can be retrieved in one of two ways.  You can either download the image file when you configure your appliance in the Shoreware Director portal, or you can load it as a URL in the VMware machine configuration as the target for your OVA file.
If you are familiar with VMware, the installation process is relatively simple, straight forward and easy to understand. Once the machine is specified the Vmware configuration is as simple as adding the basic network IP components including the address of the Shoreware HQ server.   The machine will ultimately configure, load and become available as a virtual machine on your ESXi platform.   From that point on, there is little difference to the installation of a virtual appliance or a real ShoreGear switch in Shoreware Director.   The basic difference has to do with the selection of the hardware platform type.  Normally you would select an SA100 or a ShoreGear 50, for example.  In the case of a virtual appliance, you will select a new category from the drop hardware list, that indicates what type of appliance you are installing.  The rest of the configuration is the same.  The virtual appliances behave like the normal orange” boxes,  even requiring a firmware upgrade.   They appear in both the Diagnostic Monitoring and Quick View and in all respects operate like their real world hardware brethren.
We should all understand that those little orange boxes contain application specific microprocessors or digital signal processors (DSP’s).  The real heavy lifting normally done by those chips for CODEC work, for example, will now be done in software.  Additionally, don’t make the mistake of deploying virtual appliances at sites logically, without understanding that the VMware hardware platform location is just as important on over all performance as ever!   All and all this is a major step forward for ShoreTel and you can expect these virtual appliances to become a standard part of your deployments over time.    The video clip reviews the actual installation of both a phone switch and a service appliance!
 
Note – The ShoreTel news here is that the actual Voice Gateways are virtualized, not just the application, but the Gateways!

ShoreTel V14 Real-time Diagnostic and Monitoring Dashboard

Posted on by DrVoIP
I am found of repeating that “product development is a process not an event”!   Though the marketing folks need to package, position and promote products based on feature sets, generally products emerge over time.   Building on previous releases, customer feed back and recommendations, products continue to emerge with new functionality.    Most product development focuses on features that have market demand or differentiate one product from another.   Occasionally, a new product feature is targeted at someone other than an end user.   Engineers and Technicians are typically the last group of people to get a feature developed that makes their lives a bit more easy.   Such is the case for ShoreTel Version 14 and the introduction of  a “Diagnostic and Monitoring” tool!
The latest Version of ShoreTel has added a capability that we think is essential in iPBX technology as SIP becomes more of a standard.   If you have ever attempted to trouble shoot SIP without the ability to do packet capture, you will know how valuable this feature set is.    CISCO long ago had RMTM tools as a standard part of a Call Manager deployment.   ShoreTel has now added that functionality to its standard product offering and it is dramatic!   Now part of the ShoreWareDirector user interface, the Diagnostic Monitoring tool is a complete glass cockpit with a variety of monitoring tools.  These tools include real time status updates of system  areas including connections, trunk groups, bandwidth utilization, voice quality, switch status and service conditions.   Combining “Quick View”, with other tools that previously required loading  modules or a putty session,  the Diagnostic Monitoring center is a self navigation center for trouble shooting.
We are particularly excited about the “remote packet capture” feature of the Diagnostic tools.    This tool enables you to remotely capture packets and bring them to a local pcap file.   You are offered the opportunity to capture everything or limit your capture to specific areas of interest.  For example, if you want to capture only SIP packets related to the ShoreGear switch you are running your SIP Proxies on, the diagnostic tool set lets you select these options.  The files are WireShark compatible and if you have that application on your server, a simple click will launch the application and bring up your capture for analysis.   This is a very power capability and simplifies some of the issues associated with setting up WireShark for remote capture.   We think this feature set was long over due, but we are just mere engineers, what do we know!

ShoreTel Version 14.2 is “Virtually there”!

Posted on by DrVoIP

We have previously argued that ShoreTel should shed the hardware business and focus on software development only.  Just our opinion and personal hangup!  We believe that unless you have the Market Capitalization of an Apple, it is hard to walk both sides of the street and do both Hardware and Software!   Even Microsoft, does only Software!     Well ShoreTel may in fact be moving to Software only through the introduction of a family of “virtual” machine offerings.   Though versions prior to Version 14.1 offered some level of Server virtualization,  ShoreTel deployments would still require lots of those “Orange” ShoreGear switches.

On January 28th ShoreTel will begin to ship the first release of Version 14.2 and all components of the ShoreTel architecture will be virtualized!   This means that you don’t need those “Orange” boxes unless you are connecting to analog or digital trunk lines!   ShoreTel Switches including Conferencing servers will be available as OVA files for VMware deployments.    ShoreTel will begin to offer  a virtual phone switch, a virtual service appliance and a new family of virtual SIP Switches with complete PRI parity.  The ShoreTel compatible Ingate SIParator will also be available as a Virtual Session Border Controller.   Licensing can be significantly reduced to a phone or trunk license, now how kool is that?

The ShoreTel virtual phone switch will support between 250 and 1000 phones based on calculated VM resources.  The virtual phone switch will will support all ShoreTel features including backup automated attendant, make-me-conferences, hunt groups, bridged call appearances and extension monitoring.  Pricing is estimated at 8-15% below the cost of another “Orange” box and you can mix and match virtual and real boxes! The virtual SIP trunk switch is estimated to be some 50% below “Orange” box costs!  The virtual service appliance will offer IM and Web conferencing from 50-200 simultaneous sessions.  Instant Messaging is now without charge from ShoreTel when implemented on a virtual server,  just your usual VMware hardware costs!

We consider this the strongest move that ShoreTel has made in its product line, since it moved from analog phones to SIP handsets!  Though ShoreTel is following the examples of others like CISCO Version10, we see this a the right next step in the process for ShoreTel product development.   With the enterprise world solidly focused on virtualization and the rapid but steady migration from TDM to SIP, a Virtualized ShoreTel is an essential element of a successful business continuity and disaster recovery program.    ShoreTel is starting to look an awful lot like a pure software company and we think that is not only “brilliantly simple”, but very smart.

– DrVoIP

ShoreTel Stock Update – Should Mitel and ShoreTel Merge?

Posted on by DrVoIP
Back in the summer we did a blog on ShoreTel from a Shareholders perceptive.    There were a number of issues troubling us which did not seem to make sense and for which we, as outsiders, could not fully appreciate.   Having purchased ShoreTel (NASDAQ: SHOR)  at the IPO price of $10 a share, the stock was trading at about $3 this summer and had not yet found its bottom.    We questioned why Management was in such as shambles with key players jumping ship, many for competitor Mitel.   They were again in the process of doing yet another CEO search and had lost their VP of Marketing and several key sales executives had also migrated over to competitor Mitel (MITL) Corporation.    We were also frustrated at the acquisition of a  “hosted” PBX company that could not even make use of ShoreTel phones.    These were very mixed messages and we were as  you might suspect very bearish on the stock!
Less then six months later many of our concerns were addressed and the stock price at $8.45 seems to have rebounded, but still trades below the IPO price.    ShoreTel now has a new CEO, Donald Joos, promoted from within the ranks, and with considerable credential.  Today they announced that they had filled their long vacant  VP of Marketing role with that of Mark Roberts, a former Mitel Executive, no less!   (Mitel responded by announcing that it had hired 15 year ShoreTel Vertical Sales Executive Chuck Grogman as it’s new VP of Contact Center Sales).  Aside from the obvious revolving door relationship between the executive suits of both companies, we believe these were smart moves for ShoreTel to make.   ShoreTel has achieved new 52 week highs with a stock price of $3.25 – $8.45 and a Market Capitalization of $490M.   By Comparison, Mitel has had a stock price of $2.80 – $9.85 and a Market capitalization of $528M.   Both companies operate in the same space, use the same distribution channel and both offer hosted alternatives to their CPE product lines.
ShoreTel has introduced a new family of end points, or telephone sets that are sip enabled.  This should make it possible for their hosted subsidiary to stop offering CISCO handsets!   We expect a future ShoreTel iPBX software version to further blur the distinction between CPE and Hosted products, with ShoreTel able to offer both.  Look for the new ShoreTel Version to be 1.0 not Version 15!  We suspect that the dealer channel is a bit confused, having bitterly fought “hosted” with a CPE offering.   Now with an entire new distribution channel opening through the former hosted companies sales partners,  ShoreTel branded solutions are being offered by other than the traditional VAR channel.   We also track Ring Central (RNG) and 8X8 (EGHT), both publicly reporting  companies in the pure hosted space, to cross reference both ShoreTel and Mitel performance.
Over all, the prospects at ShoreTel from a Shareholder perspective are looking much better at the end of the year than they did at the start of the year.    The CPE market will undergo continual pressure from the growing homogenization of technology through the adoption of SIP based technology.   Even giant CISCO seems to be positioning SIP ahead of SCCP as  the protocol of choice thanks to Jabber!  The adoption of SIP will continue to drive down component hardware parts like Gateways and Handsets and is the primary reason we would like to see ShoreTel get out of the hardware business all together!   ShoreTel should focus on building a scalable software technology that integrates with as much hardware in the market as can be standardized!  At this point, we recommend ShoreTel as a hold with vigilant monitoring.   You should keep a close watch on both Mitel and ShoreTel as well as monitoring Ring Central (RNG) and 8X8 for hedges and comparison in the hosted space.   The entire sector will be undergoing an upheaval over the next year, so look for more mergers and spin offs to rule the market!
We welcome your comments and remind you that this is just our opinion!

 

WebRTC to change the Contact Center For Ever! Enter Amazon Mayday Button!

Posted on by DrVoIP

Last month we wrote that we believed that webRTC had the potential to change the business communications landscape forever especially as it related to contact centers!  Little did we know that in less than a month, Amazon would do just that with the introduction of the “Mayday” Button.    The Mayday button does just what webRTC is destined to do, embedding a real time, text  audio and visual communications channel within a web browser!   Technical support will never be the same and as we previously proposed, neither will the Contact Center be the same!   Customer Service is about to be redefined and Amazon seems to be leading the way with the absolute first mass implementation of a webRTC application.

The button, a LifeSavior Icon, appears on Amazon’s new Kindle Fire.  Push this button and a dialog box opens with a real time video image of your technical support consultant.   You can see him, but he can not see you.  He can hear you and remotely operate your device, trouble shooting your issue and “show you how” to do a troublesome operation.   If you can not “see” the impact of this game changing technology, you most likely did not see the internet or the tablet market developing either!

What is so amazing about the technology is that the core elements for implementation are readily available.   This is not and R&D project, but more of an integration of currently available technologies.   WebRTC requires a modern  browser but does not require any plug-ins, usernames, passwords or downloads.  This technology will make peer to peer video pervasive and make establishing real time video teleconferences as easy as clicking a link!   One can only hope that Microsoft will for once, just embrace the technology and skip the always painful promotion of some other “not invented” here model like CU-RTC.

Historically, Call Centers were places that you “called” from your home phone.   Now we understand the immediacy of Contact Centers which treat email, chat and sms as readily as phone calls.  Contact Centers understand that the “home phone” is now a mobile device and there is an entire generation of customers who have never had a “land line”.      It does not take a market visionary to see the “high touch” ramifications of a video interaction and the inevitable impact it will have on the “customer service” paradigm.   Adopting video on demand or “click for support” options in the call center is not an option, it is an imperative and will quickly impact the market by segmenting customer service as quickly as new technologies buried the Polaroid!

We are now integrating webRTC Call Center applications either as an appliance or as a cloud in the form of InstaVoice, FACEmeeting, TokBox and Tawk.   Clearly, some customer service applications are more visual and can benefit more immediately than others by adding a video component.  Clearly, technical support or instructional  applications are at the top of the list.   Can American Express be far behind. Are you more likely to interact with a credit card company representative you can see in addition to hear?   (We can only guess at what the HR impact will be on Contact Centers that adopt webRTC, but that is another topic and also worthy of discussion).

We would welcome the opportunity to discuss the concept of webRTC within the context of a real contact center application, so call click or email!   You will be “seeing” a lot more of this from DrVoIP and others, so stay tuned!

 

 

 

 

 

 

 

UCCX Scripting – Working with XML documents

Posted on by DrVoIP

When writing call control scripts for Contact Centers (ShoreTel ECC, CISCO UCCX ) do you really have to start over each time?   Are there really that many differences between contact center applications?    Well, yes and no!  As we continue the search for the killer script, that “holy grail” of scripts which can do it all and never needs to be modified, we turn our attention to the wonderful world of XML!    Every Scripting Engineer has a library of routines that hey have emerged over time.  They accumulate over as the scripts become more refined with time and experience.   You would think there would be nothing new under the sun, but from time to time someone hits on a particularly creative solution to a common call flow requirement.

I have to credit Steven Griffin, a true rockstar of a  software engineer,  with opening my eyes to the possibility of using a “QueueOptions.xml” file to specify parameters you might otherwise hard code in a UCCX call control script.  I have learned from other engineers like Wesley Forvergne and Anthony Holloway how to build on this concept (these guys have all really advanced the state of the art IMHO)  and create scripts that are extensible, supportable and flexible!  Why have to write another script or launch other instance of a script just because the SLA, Menu or Schedule changed?  Why not have a Script that can reconfigure itself based on parameters recovered from a configuration file, using DNIS as the file index?   An inbound call to the contact center triggers a script which uses the DNIS to look up the appropriate configuration for the number dialed.

Maybe this DNIS differs from another DNIS only in as much as the On hours specified  in the Schedule?  If you have been using that “Day of Week” and “Time of Day” UCCX script step you have no alternative but to have either a bunch of “if” steps or creating the same script on another trigger so that you can have a different operating time.  What an inefficient waste of processor and system resources!   Why not just read in the Schedule from an XML file and use the same script for all your DNIS numbers, all on the same trigger?  You can even reconfigure the Menu and Prompts, change the voice mail box, determine if you should play “estimated time in queue” or not and just generally customize the script on the fly!

XML is just a powerful alternative to OBDC type solutions.  No special drivers, portable across operating systems, language independent and able to handle dynamic database changes.  Your XML document can be updated dynamically as required through HTTP and other web based technologies.  This makes it possible  to integrate your call flow based on input from a website entry!   How about SMS to XML?  Think of the possibilities!   I guess that is what we really enjoy about Contact Center scripting!  Never a dull moment and limited only by imagination.

The video discusses the creation of an Xpath specification assembled on the fly and uses a string value to index the XML document.   Great entertainment and fun for the entire family!

 

WebRTC, ShoreTel ECC and CISCO UCCX?

Posted on by DrVoIP

What is WebRTC?   Think of it as a teleconferencing system built right into your browser!   For some time now, call centers have been slowly integrating web chat functionality into the call center tool set.   Visitors to the company website can click on a link and open a chat or “IM” session with the next available agent.  This is a very powerful tool addition when properly implemented, but it reduces the communications process to a the linear, sequential medium of typing.  Not much different than a email with the possible exception that you can “share a form” on the website between the agent and the web visitor.    Some websites have voice enabled chat links and “click to talk to a customer service representative” usually results in a call back.   Why not click and open a real time voice and video link with the call center?   It is very possible to do this, but almost impossible without having the web visitor download a special “plug- in” and having proprietary voice gateways on your call center.

 

This is where WebRTC can play a major role in “peer to peer” communications.  DrVoIP believes this technology has the capacity (excuse the pun) to redefine the communications landscape.  Using WebRTC users are able to establish a real time voice and video communication channel without having to download an special software, or create a special user account!  WebRTC leverages the recent trend in which the web browser IS the “application” and facilitates browser-to-browser communication, with no software downloads or registration needed. The web browsers themselves include all the capabilities needed to support real time  voice and video communications. WebRTC standardizes communications between browsers, enabling audio and video communications, and data bridges to support text chat or file-sharing.  For this reason it is an ideal solution to to enable customer care solutions that desire direct access to the call center!

 

Imagine your prime demographic prospect or client browsing your website from and Droid or IPhone and being able to open a real-time voice and video interaction with your call center based agent or representative!  Talk about “point of sale”!  The client no longer has to search for a call center number, or wait for a call back, but seamlessly adds a human sales or customer service resource within their current search reality!    Chrome and Firefox have stable releases and others are quickly moving to address the emerging webRTC standard.   Yes, we have the technology today to implement “person to person” communications models  within the contact center,  freely mixing the media streams from webRTC with the PSTN and SIP media streams already coming into your call center!

 

We used to say “never trust anyone over thirty” and that still seems to be the case.  To many “old” people running call centers!   There is a generation of folks out there that have never had a wire based phone,  don’t want one and live in the very mobile world of ‘instant gratification”. They have been raised on wireless smartphones, the internet and “faceTime”.  Much the way the broadcast television industry has been crushed by Video on Demand, YouTube and Netflix, your call center will be crushed if you don’t begin to understand the fundamental shift in communications technology that is reshaping the global business communications landscape.   DrVoIP believes, the American Business communications landscape will be littered with the bleaching bodies of those call centers that fail to adopt WebRTC!

A Cure for the common Hold?

Posted on by DrVoIP

The Symptoms  – Help!  My on-hold recording warbles like a wounded canary!  If your customers are kvetching over the aches and pains of listening to your wobbly, distorted on-hold recordings, it’s time to seek medical help.

The Causes – The growing number of professionals who conduct business on the move is part of the affliction, along with the rapid exodus from traditional landline phones to more mobile technologies that rely on the strength of broadband to function.

To cope with the massive communications overload, cell towers are constantly switching between multiple cell phone conversations every second, which can make recorded music sound wobbly, distorted and the speech content almost impossible to understand. It’s an epidemic. And, depending on how busy the local towers are with calls, they’ll reproduce music reasonably well when call traffic is very light. Other times, because of heavy traffic or poor reception, the on-hold messages themselves will sound freakin’ awful.

The Cure – On Hold Advertising has the Rx for the common hold and will make your recording sound awesome! We custom produce all kinds of voice media with no music, just highly professional voice talents. Or, we can spice it up with catchy rhythmic backgrounds specially created to workaround the nuances of cellular connections.  For more tips on making the most of telecommunications marketing to keep your customers happy, and maybe a little less insane, visit us at onholdadvertising.net.

 

Hacking ShoreTel!

Posted on by DrVoIP

I though  I had seen it all!

When you have been involved with the design, deployment and management of customer premise telephone systems for as long as we have, you think you have seen it all. Over the years as we learn from our mistakes we improve our “best practice” list to assure others gain from our experience. When I was barely a teenager, I learned how to assemble a string of MF tones using a Hammond organ keyboard.  Recording two keys at a time, you could create toll call routing instructions that could be played back after making a 1-800 toll call before the terminating end answered! That, along with the famous Captain Crunch 2600Hz cereal box whistle, kept me and my friends entertained for years, stacking toll tandem switches and meeting other hackers in far away phone booths!  Things have changed as in-band signaling has long ago been replaced with out of band signaling and whistles no longer work. Toll fraud however, continues to be a major source of unanticipated costs for business and the toll bandit syndrome is still alive and well in the Internet age.

Just like a web sever which uses well know port 8080 to serve up web pages, SIP phone systems use a common port.  Scanning ports for open port 5060, then banging away for a user login and password to create a registration was child’s play and most companies now have this locked down. The fact that most Voice Mail systems used a common password was also a source of hacking entertainment, but now most manufacturers do not create mailboxes until someone needs one, eliminating a source of illegal phone calls though remote access.  Direct Inward System Access or DISA used to be a favorite tool for making fraudulent toll calls. Users would call into the system, put in a pin and then be granted access to make phone calls.  It did not take long to figure out how to abuse that feature!

Kevin Mitnick needs my help?

Like I said, just when you think you have seen it all, something new shows up. You have to laugh at how obvious and simple it was.  I was recently contacted by a guy who you would think has seen it all, Kevin Mitnick. If that name does not immediately “ring a bell,”  then maybe you might remember a couple of his books:  The Art of IntrusionThe Art of Deception and most recently Ghost in the Wires.  Kevin has not only seen it all, he has done it all!  Anyway, Kevin was researching a compromised ShoreTel system for a client and wanted to compare notes with DrVoIP.   Apparently someone had gained unauthorized access to the system and was making toll calls that were costing the target company a small fortune. If you have ever experienced toll fraud you know that your vulnerability is broadcast all of the Internet in just a matter of minutes.You will find yourself explaining to Homeland Security why you are making so many phone calls to Dubai!

Kevin had a sheet of CDR records that showed the date and time of the calls. Unfortunately the calls seemed to be originating from the Automated Attendant so they could not be traced to a particular extension number within the system.  We brain stormed some possibilities.  I thought for sure this had to be an inside job!   Maybe someone was using the “find me follow me” feature, but that would only send the call to a single number. These calls were all over the map! Literally all over the globe! ShoreTel does not have a DISA feature and VM boxes do not exist unless they are assigned to a user. The password must be changed as a part of the setup process.  So how was this system hacked?

Well, I could tell you but that would take all the fun out of hearing from you as to your thoughts on how this was done.  I will promise you that it takes one to know one and Kevin, genius that he is, figured this out, not I!   Even DrVoIP was taken in by this clever ruse!  Post your comments below with your thoughts on how this was accomplished and we will send you the puzzle answer Kevin uncovered.  My thinking is that all we can ever hope to do is to raise the bar, keeping out the less sophisticated mice.  There will always be someone smarter, someone more dedicated and focused, who will make it his mission to crack your safe!

Updated with Answer September 1, 2013

– Well a couple of people actually broke the code (excuse the pun)!    What Kevin learned was that one of the great flaws in VoIP is the complete lack of control when it comes to secure Caller ID!   Simply stated, there is no security or verification of Caller ID!   Using any number of readily available tools, it is possible to spoof your caller ID. You can make your phone display any number you want!   ShoreTel has a voice mail feature that enables you to listen to a voice message and then return the call by pushing a voice mail menu option key!   This is a very handy feature, especially if you are calling into your voice mail from you car, just hit the “return call” option and provided the system was able to capture the inbound Caller ID, the ShoreTel will place an outgoing call to that number and conference you in!    So lets put this simple ShoreTel hack together – the hackers gained control of a voice mail box, then called into the ShoreTel Voice Mail system with a spoofed Caller ID and the left a brief message.  Calling back into the system, this time to check their voice messages and then hit the “return call” option key, which then placed a call to an International Middle East location all billed to the the ShoreTel system owner and showing up only as a Call Detail Record owned by the Automated Attendant.    Great feature, but we would recommend that you don’t allow the VM system to place International phone calls!    Thanks to all who took time to write and special thanks to Kevin Mitnick for a really fun Service Call!