DIA WASHINGTON DC//DSM-4//
TO AIG 7894
AIG 9144
RUEKJCS/SECDEF WASHINGTON DC//C3I-T//
RUEKJCS/JOINT STAFF WASHINGTON DC//6JT/DIRM:SCD/
RUEABOA/HQ AFOSI BOLLING AFB DC//IVSC//
RUQVCCC/AFCSC KELLY AFB TX//SR/SRE/SRM/SRMA//
RUQVAAF/HQ ESC KELLY AFB TX//INAR//
RUEADWD/DA WASHINGTON DC//DAMI-AM/DAMI-CIC/SAIS-SS//
RUDHAAA/CDRINSCOM FORT BELVOIR VA//IAOPS-CI-TO//
RUEBJFI/CDRUSAOPSGP FT GEORGE G MEADE MD//IAGPC-TSE//
RUFLMME/CDR730THMIBN MUNICH GE//IAGPE-SCM//
RUDMNIC/COMNAVINTCOM WASHINGTON DC//OOQ/OOJ//
RHDLNIS/NAVINVSERV ERREG LONDON UK//60HQ//
RHDLSRA/NAVINVSERVRA LONDON UK//60LN//
RUFLMMA/AFOSI DET 7008 MUNICH GE//CC//
RUEACMC/CMC WASHINGTON DC//INTX//
RUCJACC/USCENTCOM MACDILL AFB FL//J2//
RUSNTCC/USCINCEUR VAIHINGEN GE//ECJ2/ECJ2-P/EUCOM AIDES//
RUCBSAA/USCINCLANT NORFOLK VA//J2//
RUHQHQA/USCINCPAC HONOLULU HI//J2I//
RUCUAAA/CINCSAC OFFUTT AFB NE//INYSCC//
RHLBAAA/USCINCSO QUARRY HEIGHTS PM//J2//
RHCUAAA/USCINCTRANS SCOTT AFB IL//J2//
RHCGSRA/USCINCFOR FT MCPHERSON GA//J2//
RUVESLA/USSPACECOM PETERSON AFB CO//J2//
RUDOGHA/USNMR SHAPE BE//DACOS INTEL//
RUETIAA/NSACSS FT MEADE MD//C912//
RUDHAAA/CDRINSCOM FORT BELVOIR VA//IAIM-AUT-L//
RULKSDH/NAVELEXSECCEN WASHINGTON DC//CODE 043//
PASS TO THE LOCAL TELECOMMUNICATIONS SYSTEMS MANAGERS.

SUBJ: COMPUTER SECURITY ALERT AFFECTING PRIVATE BRANCH EXCHANGES (ASSIST 91-12) (U)

1. (FOUO) A RECENT SPATE OF ATTACKS FROM THE NEW YORK CITY AREA AGAINST A USG PRIVATE BRANCH EXCHANGE (PBX) HAS HIGHLIGHTED A POTENTIAL VULNERABILITY OF WHICH ALL PBX OPERATORS MUST BE MADE AWARE. IN THE MOST RECENT CASE, UNKNOWN PERSONS FROM THE NEW YORK CITY AREA WERE USING AN 800 SERVICE TO CALL INTO A USG AT&T SYSTEM 85 PBX. THEN, USING THE INWARD SELECT ARRANGEMENT ALLOWING ACCESS INTO THE AUDIX SYSTEM OF THE PBX, THE PERPETRATORS USED THE REDIAL FEATURE OF THE AUDIX TO BEAT THE SYSTEM, ALLOWING OUTDIAL TO DESTINATIONS OVERSEAS.

2. (FOUO) THE RECOMMENDED SOLUTION TO THIS SPECIFIC VULNERABILITY IS TO CONFIGURE THE MOST CURRENT VERSION OF THE ENHANCED CALL TRANSFER FEATURE (VERSION 2 RELEASE 4), PREVENTING OUTDIAL ON THE AUDIX. IF VERSION 2 RELEASE 4 IS NOT AVAILABLE, THEN OTHER SOLUTIONS ARE AVAILABLE, I.E., USE A TRUNK GROUP RESTRICTION TO BLOCK THE AUDIX REDIAL CAPABILITY.

3. (FOUO) THE INCREASING COMPLEXITY AND VOLUME OF FEATURES BEING OFFERED WITH THE NEW GENERATIONS OF PBX ARE MAKING IT MORE DIFFICULT FOR TELECOMMUNICATIONS MANAGERS TO CONFIGURE THEIR SYSTEMS. INCREASED KNOWLEDGE ON THE PART OF THE TELECOMMUNICATIONS MANAGER IN SYSTEM CONFIGURATION AND FEATURES OPERATIONS CAN PRECLUDE SIMILAR OCCURRENCES FROM HAPPENING. ASSISTANCE IS AVAILABLE IN INSTANCES OF SUSPECTED ABUSE OF THE FTS 2000 SYSTEM. CONTACT THE POC BELOW FOR FURTHER INFORMATION.

6. (U) ASSIST POINT OF CONTACT FOR THIS MATTER IS MIKE HIGGINS, COMM (703) 284-0182 / DSN 251-0182. ASSIST CAN BE REACHED 24 HOURS PER DAY, COMMERCIAL PAGER (202) 896-6863 (FROM A TOUCH TONE PHONE ENTER THE CALL BACK NUMBER AFTER THE TONE PROMPT) OR AUTOVON DIAL 243-8000 AND ASK TO HAVE THE ASSIST DUTY OFFICER PAGED.
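
Added example, not part of the original message and not ASSIST or AT&T tooling: one way to look for the pattern described in paragraph 1 in call detail records, flagging international calls placed from a voice mail port and pairing each with the inbound 800 call connected to that port at the time. The record layout, port extensions, trunk group number and all sample records are constructed assumptions.

```python
import csv
import io
from datetime import datetime, timedelta

# Assumptions (not from the advisory): the CSV layout, the voice mail port
# extensions, and the trunk group number that carries the 800 service.
VOICE_MAIL_PORTS = {"4001", "4002"}
INBOUND_800_TRUNK_GROUP = "12"
INTERNATIONAL_PREFIX = "011"  # NANP international access code

# Constructed records: start,duration_s,direction,trunk_group,extension,number
SAMPLE_CDR = """\
1991-06-03 22:14:05,1260,IN,12,4001,2125550147
1991-06-03 22:15:10,1130,OUT,30,4001,011442071234567
1991-06-03 22:20:00,95,OUT,30,2210,7035550123
1991-06-04 09:02:41,60,IN,12,4002,3015550188
1991-06-04 09:30:00,300,OUT,30,2215,011498912345678
"""

def parse_cdr(text):
    rows = []
    for start, dur, direction, tg, ext, number in csv.reader(io.StringIO(text)):
        begin = datetime.strptime(start, "%Y-%m-%d %H:%M:%S")
        rows.append({"start": begin, "end": begin + timedelta(seconds=int(dur)),
                     "dir": direction, "tg": tg, "ext": ext, "number": number})
    return rows

def find_voice_mail_outdial(rows):
    """Return (outbound, inbound) pairs: an international call placed from a
    voice mail port, plus the inbound 800 call on that port (None if absent)."""
    inbound = [r for r in rows if r["dir"] == "IN"
               and r["tg"] == INBOUND_800_TRUNK_GROUP and r["ext"] in VOICE_MAIL_PORTS]
    hits = []
    for out in rows:
        if out["dir"] != "OUT" or out["ext"] not in VOICE_MAIL_PORTS:
            continue
        if not out["number"].startswith(INTERNATIONAL_PREFIX):
            continue
        # The inbound leg must still be connected when the outbound leg starts.
        match = next((i for i in inbound if i["ext"] == out["ext"]
                      and i["start"] <= out["start"] <= i["end"]), None)
        hits.append((out, match))
    return hits

if __name__ == "__main__":
    for out, inbound in find_voice_mail_outdial(parse_cdr(SAMPLE_CDR)):
        caller = inbound["number"] if inbound else "unknown"
        print(out["start"], out["ext"], "->", out["number"], "inbound caller:", caller)
```

With either fix from paragraph 2 in place, a voice mail port should never originate an outbound international call, so any hit is worth investigating whether or not a matching inbound call is found.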