Re: [VoiceOps] Fraud

[Deepak Dube]

Hi Alex,

good approach.

one comment though: low-grade fraud traffic to audio text destinations will
go undetected, and over time, it can accumulate more fraud loses than those
who try to burst, get caught, and shut down immediately.

thanks,
dd.


On Mon, Feb 24, 2014 at 4:41 PM, Alex Balashov abalas...@evaristesys.comwrote:

 I've said it before and I'll say it again:

 We stopped 95-98% of the losses on this sort of thing for a large customer
 who was losing thousands of dollars per day on it, by implementing the
 following approach:

 Every trunk group gets a 'high-cost channel limit', which is the X number
 of simultaneous calls that they are allowed to make to destinations that
 cost over $Y/min. The limit was typically something like $0.10, so as to
 exclude domestic US traffic, but certainly catch Somalia and Globalstar.
 Both X and Y are configurable on a per-trunk group basis, so customers who
 have a legitimate need for 50 concurrent calls to Dakar can do that. For
 most typical domestic users, the limit was set to something like $0.10 and
 2 channels.

 When this limit was tripped, typically due to a compromised PBX with some
 extension password of 1234, the following things happen:

 (1) All existing calls are terminated;

 (2) An alert e-mail is sent out to the customer and to the NOC;

 (3) Customer is downgraded to a termination rate plan that only allows for
 domestic calling. That way, they're not totally cut off from calling and,
 in all but the most unusual scenarios, not exceptionally angry. There is no
 reason to cut them off entirely. That's a false dichotomy. Downgrade them
 to a restricted calling plan.

 The thinking was that (a) there's only so much exposure that two
 simultaneous calls to rural Chad can create; (2) almost any typical attack
 pattern relies on lighting up as many calls as possible in the shortest
 period of time, since they know they'll get cut off soon. So, almost any
 exploit is going to trip the wire, and do so quickly.

 These assumptions proved correct, and the losses virtually disappeared.

 Today, this fraud protection feature is integrated into the trunking
 platform that we sell. In our experience, it works very well.

 --
 Alex Balashov - Principal
 Evariste Systems LLC
 235 E Ponce de Leon Ave
 Suite 106
 Decatur, GA 30030
 United States
 Tel: +1-678-954-0670
 Web: http://www.evaristesys.com/, http://www.alexbalashov.com/

 ___
 VoiceOps mailing list
 VoiceOps@voiceops.org
 https://puck.nether.net/mailman/listinfo/voiceops

___
VoiceOps mailing list
VoiceOps@voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops

Re: [VoiceOps] Fraud

[Deepak Dube]

The PBX was hacked, originating calls to expensive int'l destination -
presumably, a case of revenue share fraud. Have you considered smart tools
that monitor revenue share fraud accurately? Some of them can flag fraud by
identifying unusual calling patterns - in near real-time.

It's like the credit card industry that shuts down the credit if it
suspects unusual purchases.

Hope that helps.




On Wed, Feb 19, 2014 at 5:09 PM, John Curry j...@intelechoice.us wrote:

 I am new to your site. I was looking in the Archives and saw in November
 2013 there were some of you who experienced fraud. We had a an Avaya IP
 Office customers system who got hit pretty bad. The customer is treating
 the fraudulent calls like credit card fraud and not taking any
 responsibility. Does anyone have any advice on how to persuade the customer
 take this issue seriously?  His bill was racked up pretty good.  Strangely
 and coincidentally Avaya came out with a security bulletin the end of
 December 2013 on this same issue.  I tried to contact Avaya with no
 response. It seems as though someone has built a sniffer for the Avaya IP
 Offices and gleaning their registrations.

 ___
 VoiceOps mailing list
 VoiceOps@voiceops.org
 https://puck.nether.net/mailman/listinfo/voiceops


___
VoiceOps mailing list
VoiceOps@voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops