Schneier on Security
A blog covering security and security technology.
« Control Your Car from the Internet |
| Stealing Data from Disk Drives in Photocopiers »
March 21, 2007
Stealing and Reselling Phone Minutes
Interesting new variation of phone fraud:
For the telecoms, the profit is in using VoIP to deliver calls from one phone to another. That requires a "gateway" server to connect a carrier's phone network to the Net. Phreakers break into these gateways, steal "voice minutes" and sell them to other, usually smaller, telecoms. Many of these firms then sell printed phone cards or operate call centers. "It's a great racket," says Justin Newman, CEO of BinFone Telecom of Baltimore, which has been stung by phreakers.
Posted on March 21, 2007 at 11:20 AM
• 12 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
"lacking the money for secure gateways". So these companies are place an insecure gateway on the public internet and then crying about stolen minutes? They should consider themselves lucky they are making any money at all!
I'm on the internet and I'm not protected and people are stealing from me. Now where did we hear that before...
"But VoIP is not as secure as old-fashioned phone lines" , Could be any worse?:)
I sent you an e-mail to advise you of your being hacked and not corrected
in url redirection to Machine Science [NFP Robotics Co in Boston]
for the third straight day, this A.M., but ms did not go out
through our servor. So I am trying different routes.
The point: it is bad for your rep to have your url hijacked =[be hacked]
for three days straight.
Hope this message gets to you.
First two days' alert had no noticable effect,
and number three didn't get past our servor net.
See next for previous
Previous | Next | Back to INBOX Printable View | View All Headers
| View Email Source
> inline textas attachment Select Folder Undeliverable Mail
From: [unpub] [Add to Address Book] Flag Message | Mark Unread
[This is spam]
Date: Mar 20, 2007 11:22 AM
I sent you this ms. yesterday;
all is still the same.
Your web page click through from Google:
"Schneier.com - - -
refers us to Machine Science as
URL = http://www.schneier.com in the address line
but is a different web page
and when that address line is clicked on
shows the actual URL translation as http://www.machinescience.org/
I think your page or its locator has been hacked.
Hop on it - it was DAY 2
"Lacking money for expensive guarded storage facilities," the small auto manufacturer has been hit dozens of times by thieves stealing parts and raw materials.
If someone printed this, everyone would laugh at that company. But, if it's VoIP, people feel bad that they are victims of hackers and phreakers.
Go back to MBA school, learn how to build a decent business model, start over.
You may want to check the DNS server your pc(s) are looking towards. Chances are it or, perhaps, your own local hosts file is the one that is hacked.
Yeah, I'd be checking your system if I was you Peter.
...I can kinda understand why Bruce didn't pay further attention to your email.
This is not new. Is basically the same thing that happened not a long time ago and became news when a VoIP "carrier" from US had some thousand bucks stolen.
What people tend to forget is that this kind of theft also happens, though in a different way, using DISA, phreaking and specialy, identity fraud.
Phone fraud had been a huge business for years, things are running so wild that in countries with strong criminal organizations like Brazil, criminals frequently use DIY PBX systems to practice their business.
Real phone systems still have some of the same problems. In that emplyess steel call time of a switch and then sell that off on calling cards etc. Was pretty big in indonesia back in the late ninties.
On a different note. they can't be loosing much money if its still more expensive to make the gateways secure.
I'm still impressed by the phreakers from several years ago that were able to run up the long distance bill of an interstate emergency call box phone to the tune of several million bucks.
I saw once a variation of the technique which was semi-legal. A company would buy a lot of GSM SIM cards with business calling plans, put the cards in gateway, and, using VoIP route international calls directly to the GSM networks without the calls passing the national telecom network (which was mandatory here at the time) and without paying inter-telecom routing fees to the national operator.
Because of them, the contract for a SIM card from a GSM operator now includes the clause that the SIM may be placed only in a network terminal.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.