"The recent attacks were conducted by hackers exploiting a security vulnerability in Asterisk software. [...] The vulnerability can be exploited by cyber criminals to use the system as an auto dialer, generating thousands of vishing telephone calls to consumers within one hour," reads IC3's warning.

John Todd, Digium's community director, has written a response on the company's blog in which he notes that "the nature of the warning is extremely vague, and has left us guessing as to what the exact issue is that they reference, and how Asterisk is involved." He admits that the company and the developers of the open source version of the Asterisk platform are unaware of any new vulnerability that might fit the description in the FBI warning.

 Continue reading...

Hasan Gafoor, Mumbai's police commissioner, said Monday that as once-complicated technologies - including global positioning systems and satellite phones - have become simpler to operate, terrorists, like everyone else, have become adept at using them. "Well, whether terrorists or common criminals, they do try to be a step ahead in terms of technology," he said.

Indian security forces surrounding the buildings were able to monitor the terrorists' outgoing calls by intercepting their cellphone signals. But Indian police officials said those directing the attacks, who are believed to be from Lashkar-e-Taiba, a militant group based in Pakistan, were using a Voice over Internet Protocol (VoIP) phone service, which has complicated efforts to determine their whereabouts and identities.