It is possible to generate fraud traffic via Cisco/Linksys SPA VoIP adapters/phones either modifying settings like forward all calls or dialplan. For some reasons Cisco/Linksys SPA devices are vulnerable to hacks, I suppose bot-type brute-force password attacks or lack of admin or user password (but not my SPAs). Thus all incoming calls are forwarded to expensive destinations. Suspect of bots into local network coming also from call attempts logs like *9100, *9101, ... , i.e. intercom calls to all extensions till hacked SPA is found. Typically some Israeli numbers are called (00972...), but also other destinations may appear. Any suggestions / experience ?