Not so random. Found a FreePbX phone system that requires ssh for phone traffic to pass to the VoIP provider. VoIP provider calls once a month saying a quarter of their total bandwidth comes from one number on the clients phone system and changes the private key used to authenticate. VoIP doesn't require ssh, so after figuring out all calls are being routed to a man in the middle, ssh gets disabled and phone quality improves, VoIP provider is happy. If the hackers only knew how to maintain good call quality, they would have never been discovered.