Xanatek in The Press
Media should contact Xanatek at (800) 875-6033 for any questions
The Anderson Agency Report
Vol. 27 No. 3
How Vulnerable is Your Phone System?
by Brent Sheppard
As a technology professional and a business owner, I often think about network security, virus software, and many other computer related issues. I can honestly say I had never given much thought to phone system security. Recently, I had a very rude awakening when my phone carrier called and asked if I had been making international phone calls all night long.
One Communications, my local and long distance carrier called the office at 9:10 A.M. asking if these were our calls. I promptly said no they were not. We do business in the United States only and have no reason to make international calls or even have international service on the system. From 12:35 A.M. until the time they disabled the international calling, just less than 9 hours, 618+ minutes of calls had been made to North Korea from my office.
As you can imagine I was alarmed, perplexed and confused. Then the question became am I responsible for payment of these calls and how much? One Communications promptly indicated that the problem was with my office phone system and that I would be held responsible for the bill. Now the panic sets in. How much does it cost to call North Korea? I called my One Communications representative and she also confirmed I was responsible and that the rate was at least $2.57 a minute. My heart begins to race even more as I do the math. When the bill arrives, it is over $2000! More on this later!
After my anger level subsided a bit, I knew I had to figure out exactly what was happening with our phone system. I called IP Solutions located in Mishawaka, Indiana who originally installed our phone system less than 10 months ago. In a few hours the technician arrived and found the problem.
The simple explanation: someone hacked into our voicemail system and reprogrammed it to call forward. In total they had compromised 6 voice mailboxes on our system and used them to make 99 calls to North Korea and two to Africa.
When we use the term "hack or hacking" we often think of our network and data systems. In this case, the network was very secure. Nothing on my data network had been compromised; the system had been compromised using the dial tone. The hacking had been done just by dialing our 800 number. In reality, the process is extremely simple and everyone with international calling service is subject to this happening.
Many voicemail systems use the same default password of 0000. Hackers know this and know how to exploit the system. They specifically target toll free numbers by calling and when the voicemail answers, they enter "#0000" on the key pad which is the typical way to enter the voicemail setup. This can also be done by a computer system making random calls and alerting someone when a successful response is obtained. Toll free numbers are typically targeted because it does not cost them anything to dial while trying to break in. If they are successful at breaking in, it costs them nothing to make the call.
Once in the voicemail system, they simply follow the prompts to program the voicemail box to call forward. Many systems allow you to have a "follow-me" feature. If you are not at your desk or going to be traveling, you can program the voicemail to call you with a voicemail or forward the incoming call directly to your cellphone, home phone, or any number of your choice. All of this can be done while connected to your voicemail through the keypad on your phone. That is what happened to us. They simply reprogrammed six of our mailboxes to call four different numbers when those mailboxes were accessed. Once they find a vulnerable mailbox, they will access the phone directory giving them a list of all available extensions. In our case, I assume that a computer system also randomly tested extensions as four of the mailboxes were not used or listed in our directory.
Why were we vulnerable? In January 2010, we moved to a larger office and purchased a new phone system. When setting up our phone system we had mailboxes with the original default password of 0000. "Sales" and "Tech" were mailboxes that would take a message and then forward it on to another extension. No one used these mailboxes or had the forethought to change the password. In addition, we had two "empty" extensions. These were mailboxes setup in our office but not used as they were reserved for adding staff at a later time. We had two mailboxes compromised because the password was 1234. Finally, we were compromised because the default password system requirements were never changed when the phone system was installed.
Is it a covered loss? I called my insurance agent and explained the situation; he indicated he was not sure if and where it would be covered and that he would check on it. After several phone calls to adjusters and underwriters no one knew what to say. Yes, I had a loss but what? I lost money, but no one broke in to my physical location by going through the front door. They essentially stole my phone line. Is that covered? No one was sure how or where to cover it. After further discussion, I decided not to file the claim and pay for it myself.
In the meantime, I had contacted the FBI to file a report. I surely did not want it noted that my company was making regular calls to North Korea as this was around the time they were tossing bombs at a small island off the South. The FBI agent found the whole thing very interesting, said "it would definitely be checked into it, but I would not be advised of any findings." My guess is that they have some new phones numbers to monitor.
Originally One Communications indicated that I would be responsible for the charges. My argument was that when I signed my paperwork for service, I agreed to a local and long distance rates. I did not agree to an international calling rate. In fact, I did not even know that international calling was on my system as it was not listed on my contract. I felt they had worked very hard to advise me of the local and long distance service, but failed to discuss international calling. Therefore, they should be responsible for adding long distance service without my consent. Of course they disagreed and felt that my phone vendor was responsible for leaving our system vulnerable. I felt that they both were responsible as they both should have advised me of this type of fraud. Essentially, they both had left me vulnerable to the loss.
Several weeks and emails passed. Eventually, I received a call from One Communications offering to reduce the phone bill. After some additional negotiation we agreed upon a figure that we both could live with. My phone vendor agreed to pay the negotiated amount as they felt somewhat responsible.
- Change the default password requirements on your phone system.
- Don't allow easy passwords on your phone system.
- Don't leave unused mailboxes with default passwords.
- Call your phone vendor and ask for a security review.
- Remove international long distance on your system.
- Add a security code requirement when making a long distance call.
All phone systems have defaults; make sure that your vendor changes the default password to something you agree with. I suggest a change in the number of digits as well. Our system had a default of four digits, I now have several more. By changing the number of digits it also prevents the 1234 passwords. You should also educate your staff about easy passwords. You have told them over and over about network passwords, now you should talk to them about their voicemail passwords. If you have extra extensions on your phone system, make sure you change the password on all of them. Show your vendor this article, ask them for a phone system review, and then ask for a written letter that the system is now secure. If you don't make international calls, remove the service. An additional step is to call your phone carrier and ask that they block all international calling. If you want international service on your phone, I suggest a call security code. With the help of your phone vendor you can assign each employee a security code. When they make a toll call (long distance or international) they will have to enter that code before the call is completed.
Given enough time, any system can be compromised, but you can take steps to prevent it. In most cases, the crooks will spend a little time on your system, not a lot. If your system too difficult to break into they will lose interest and move on.
Xanatek is moving!
November 10, 2009
On January 15, 2010 the office will be closed for relocation to the Chase Tower in downtown South Bend, Indiana.Xanatek is relocating to facilitate our continued growth. The entire office space has been renovated to our specifications in order to provide better service, technical support, and workflow. Highlights of the space include:
- More than double square footage.
- Larger training area doubling our current onsite training capacity.
- Increased phone capacity.
- Fiber connectivity to the Internet for more stable and faster support.
- Discounts with the hotel located in the building for those attending Boot Camp.
- Great views of South Bend, Notre Dame, and the area.
We will be offering limited support on the 15th due to the disruption of phone service. Phone numbers will remain the same. Mailing address should be changed to 211 W Washington Street, Suite 1900, South Bend, IN 46601 after 1/15/2010.Please visit our new location anytime after the 15th.
Iroquois Welcomes Xanatek
March 10, 2009
Iroquois has developed a strategic relationship with Xanatek, a developer of software programs designed for the insurance industry. Its primary program is called Insurance Management Solutions (IMS)-a powerful, innovative system that offers comprehensive agency management and document imaging capabilities. Designed by insurance agents, IMS helps to increase your office productivity through:
- Improved Customer Service
- Enhanced Office Communication
- Increased Sales
- Reduction in Paper Storage
“IMS has been a very worthwhile investment for our offices. It allows for seamless communication between our two locations that are 30 miles apart. It has improved the efficiency of our staff and the satisfaction of our policyholders. The image filing is a wonderful feature and allows for immediate document retrieval. I wish we would have started using the system years ago.“
- Kathy Ayres, Ayres Insurance Agency, Inc.
Iroquois DiscountIroquois members will receive a 10% discount off the retail price of the IMS software, plus three free months of support.
Quietly Gaining Market Share
By Nancy Doucette
Insurance Management Solutions
Brent Sheppard was an agent in a highly automated agency in the early ’90s. As the agency began to develop its own document imaging software, Sheppard discovered he preferred working in the technology field to selling insurance. By 1994, he’d established Xanatek, Inc., his own technology consulting company, and was marketing the document imaging solution his company had created.
Building on the document imaging solution, Sheppard rolled out Insurance Management Solutions (IMS) that same year. Among its features are client/prospect management (including campaign management); secure storage of sensitive human resource information, tax and accounting records, and agency agreements; e-mail and in-house instant messaging, a multi-user scheduler (calendar and to-do list) that can be synchronized to a Palm Pilot™, access to ACORD forms, download, and reports. The accounting module includes a complete account current and is integrated with QuickBooks.
Taking into consideration the features that IMS offers, he believes the product has two specialties: document imaging and an add-on capability—a telephony product dubbed the Call Center.
“Because we started out as a document imaging system,” Sheppard says, “we’re able to store millions of pieces of paper for long-term, legal storage. The documents are stored under the customer record in an encrypted proprietary format. The images can’t be modified.”
Users can purchase the Call Center for an additional amount that is computed based on the number of incoming phone lines. The Call Center will track all the agency’s incoming and outgoing telephone calls using caller ID. He explains if a caller’s phone number matches one that’s in the client database, the Call Center will pull up the customer record and open the client’s note section on the user’s computer screen so the details of the call can be documented.
Sheppard says agencies own the copy of IMS which they house on their server. “It’s not a lease,” he emphasizes. “So if the agency decides to discontinue paying for IMS, they still have access to their data. It is their data, after all. They won’t, however, have access to support or updates.”
“We use everything Xanatek offers,” proclaims Mike Peterson, CIC. He heads up Peterson Insurance Agency, Inc., in South Bend, Indiana. He was attracted to the IMS product more than 10 years ago because of the imaging component. “We were tired of hunting for files,” he recalls. “And the more you use technology, the better your profit margin becomes.”
Peterson appreciates the “cool tools” that are part of IMS. One time saver is the system’s ability take a client’s address directly into MapQuest or Google Maps without rekeying. He also likes the Boolean search feature which will search all notes and images for a particular subject. Additionally, he relies on the in-house instant messaging function. During our phone interview, he said a message box opened on his computer. It read: “Client wants to reduce his limits. Would you like to talk to him?”
In terms of security, he values the ability to block access to certain portions of the system. “You can set different levels of security to designate which users can see what. Best of all, you don’t have to be a computer guru to do that,” Peterson concludes.
Inside Indiana Business
January 7, 2001
"INside Technology Report"
By Barb Lewis
Indianapolis based talk show.
Brent Sheppard, President of Xanatek was recently interviewed on Inside Indiana Business.
Document Imaging Report
September 1, 2000
"Compression Is Strength Of Low-End Imaging Package"
By Ralph Gammon
"A software developer out of South Bend, IN, has released an image archiving program aimed at 15-to 50-employee departments and small-sized businesses. Xanatek is offering its Image Archiver software for $395 for a single seat version and $1,295 for a network client/server version. "We are targeted above the retail document imaging market served by products like Pagis Pro and PageKeeper," said Brent Sheppard, president of Xanatek. "And, we are targeted below full-scale document management systems by vendors like Fi1eNET. Our system is built to manage up to 40,000 new documents per month. If a business is scanning more documents than that, it should probably be using a larger system."
Sheppard said Image Archiver is different from retail imaging products because of Xanatek’s proprietary compression technology. "Retail imaging products don’t use enough compression to address long-term storage concerns," said Sheppard. "In addition to saving storage space, our compression technology ensures the legality of documents. Once documents are stored in Image Archiver, they can’t be modified. They can only be viewed, faxed, or printed."
Image Archiver stores documents in a proprietary format. Documents in various formats such as TIF, JPEG, Microsoft Word, etc., can be converted to Image Archiver documents. Image Archiver documents can also be exported into various formats; but, as long as documents remain in Image Archiver, they can’t be altered.
Xanatek was founded in 1993, as a general IT consulting shop. In 1995, the company developed an imaging system targeted primarily at independent insurance agents. Image Archiver was introduced last year. "We’ve retooled, sold off the other portions of our business, and repositioned ourselves as a software vendor," said Sheppard.
Xanatek currently has three employees and is seeking investment capital. Sheppard is negotiating to set up channels for Image Archiver. He plans to use distributors like Ingram Micro and Tech Data."
Associated Press Business Writer / South Bend Tribune
Sunday, July 12, 1998
"The Paper Chase"
By Maggie Jackson
"Some companies are drawing the line, trying to replace paper with electronic methods of communication. Since Great Lakes Insurance Associates invested a year and $100,000 into going paperless, insurance agents from six states have made pilgrimages to the small Erie, Pa., agency to see how it's done. The files of Great Lakes' 10,000 clients are now computerized, allowing employees to stop trekking to file cabinets to handle calls. Each customer service staffer now handles $2 million in client business annually, double the amount prior to conversion.
South Bend Tribune
Friday, May 22, 1998
"Working toward a paperless office." By Aaron O. Hall
"People are going to want to have that paper," Sheppard said. "It's no different than a Xerox. It's digital image just like a photocopy. The hard thing is getting people to understand that paper is a document and so is imaging."
Small Business Computing & Communications
"Pulp Fiction: Separating the myths from the realities of the 'paperless office'"
"Image Management Systems (IMS), a small firm in South Bend, Ind., is providing a customized paperless office system to small insurance agencies. 'We've already got them paperless,' says IMS president Brent Sheppard, about Erie, Pa.-based Great Lakes Insurance. Great Lakes, a $12 million firm, has just 13 employees. 'If you go to their office, they do not have a file cabinet.'"
"'Of course, you will still have paper in the office, because it comes in the door,' says IMS's Sheppard. 'But the goal is to convert it to paperless as soon as it comes in.'"
Regarding Ted C. Parker Jr. & Pete Zaphiris from Great Lakes
Insurance Associates in Erie, Pennsylvania
"Both now are 'proud parents' of an IMS system and software that was tailor-made for insurance business by former ERIE Agent Brent Sheppard of Sheppard Consulting in South Bend, IN." "The system allows Great Lakes Insurance Associates to scan both client files and agency information- into the computer- and out of file cabinets and precious office space. They're not only computerizing new information-including hand written notes, weekly production reports, ERIE's new auto classification, and daily stacks of mail some six inches deep- but are also scanning 20 to 25 existing client files a day into the system."
"Instead of investing in a mortgage and fancy building, we decided to make a major investment in an automated system."
"A Technological Rescue"
Regarding IMS-Paperless Office Software & Great Lakes Insurance Associates
"'It's not a difficult system to use,' said Pete (Zaphiris). 'There are color-coded classifications for claims, documents, renewals and endorsements.'"
"Last year they began looking for yet a larger place (to house their offices), but the IMS saved them from that expense. They've replaced massive paper files with desks for new producers and moved customer service representatives nearby 'Plus, we're on three floors here (said Pete). ' We don't have to hunt upstairs and down for a file.'"
South Bend Tribune
Saturday, March 23, 1996
" Paperless office wave of future, consultant says" by Paul Dodson
Pg(s) B 10
"There is growing interest in the paperless office, according to (Brent) Sheppard, because of the growing cost of maintaining papers in file cabinets. 'We take the file cabinet and throw it away,' he said." "One of the main reasons companies adopt the paperless office is to make it easy to move shared information on a networked computer system. 'The minute I put this piece of paper in the scanner, it is available to everyone on the network,' said Sheppard."