We got hacked!
The house phone is an Asterisk PBX and our service provider is Sipgate. They informed me last Thursday that our system was compromised, due to some unusual call activity, but no more info than that. So we changed all our passwords for our SIP account. FAIL.
Saturday and Sunday and Monday saw more calls made; Sipgate support don't work weekends and we didn't notice until the call credit low warning hit my inbox on Monday evening. Another email to Sipgate, this time they tell us that our Asterisk PBX is making the calls, and no we can't have the money back. A quick check and lo! I allowed external guest extensions to connect to the PBX, and I didn't restrict the IP addresses of registering devices. DAMN! Ah well, you live and learn.
Fortunately Sipgate charge up front, and we only put £10 on at a time. The bad guys made off with £4-ish of calls, we don't have auto pay setup and we do get an alarm when the credit goes below £5. All told the most we can loose is £10 and this saves us £15 every month (no line rental).
So a quick crash course in securing Asterisk, and a dollop of iptables firewalling for the PBX and we're back up and running.