Wednesday, December 28, 2011

First Telecom Hacking

  • Claims that communication technology is 100% secure
  • Hacking a network with cheap common tools to show that those security claims are faulty
  • Patent claims challenged as too broad
  • Existing companies upset with new technologies breaking their business model

Sounds like the ongoing fights between Apple and Samsung or Oracle vs. Google.

“A century ago, one of the world’s first hackers used Morse code insults to disrupt a public demo of Marconi's wireless telegraph”

As explained in the New Scientist article Dot-dash-diss: The gentleman hacker's 1903 lulz  by Paul Marks, a 39-year-old British music hall magician named Nevil Maskelyne was able to thwart Guglielmo Marconi’s demonstration to the Royal Institution.

It seems that Marconi had made promises of a secure wireless network connection only to have it hacked as they set up the demonstration, and then again while he was selling ship-to-shore services. In both cases Maskelyne was able to do it with inexpensive readily available tools.

The article is a good read, and tells how even as wireless communication was starting out the seeds of telecom fraud and patent fights were being sown.

And hear I thought that the first fraud being Alexander Bell was surprising.

Tuesday, December 27, 2011

Term Tuesdays - Call Sell PBX Fraud

Online or offline call wholesalers hack into PBXs in order to sell calls to their customers without incurring any of the charges themselves; the more expensive the destination the better; the more calls the wholesaler can route out of a Call Center simultaneously the better. 

Destinations may be satellite phones that cost $8/minute to call, or countries that cost upwards of $2/minute to call. Obviously, the more lines the fraudster uses to perpetrate the attack, the more profound the financial loss.

Wednesday, December 21, 2011

Term Tuesdays - Off Hour Calls

Off Hour Call
Calls originating from an organization’s PBX may be the result of Internal Employee Fraud, unauthorized visitors, or remote hackers accessing the system. Most significant telecom fraud attacks are perpetrated when the enterprise is unmanned over weekends, bank holidays, religious holidays, etc.

Your telecom provider can not identify these as they do not know your business. You need to be able to monitor and prevent calls at times when your business is closed.

We have seen cases of $25,000 - $400,000 in Telecom Fraud happening over a holiday weekend.

Thursday, December 15, 2011

ComReg warns firms to be on guard against PBX fraud

Telecoms watchdog ComReg has warned there has been a rise in the number of PBX fraud incidents where firms’ telephone systems have been hacked into and large bills generated over their lines.

Tuesday, December 13, 2011

Term Tuesdays - Internal Misconduct

Telecom fraudsters are not always outside the confines of the organization. 

Internal Employee Fraud is a significant contributor to fraud affecting enterprises. In the CFCA 2011 Telecom Fraud Survey they found that Internal/Employee Theft totaled $1.44 billion out of the over $40 billion dollars of Telecom Fraud each year.

Employees may use company phones to make premium number, personal, and long distance calls. In the worst-case scenario, employees may actively enable toll fraud.

Without detailed per call reporting it can be hard to identify who is making these calls or to implement policies to prevent these calls. 

Monday, December 12, 2011

Lighter side- Phishing

This is as straightforward an example of Phishing that I have ever seen

Any questions?

Tuesday, December 6, 2011

Term Tuesdays - PBX Hacking

In light of the news last week about the hacking of AT&T user's PBXs to fund Al Qaeda I bring you PBX Hacking.

PBX Hacking
Hacking the PBX to gain unauthorized access, exploiting voicemail security, or trying default or common passwords are a few of many techniques. Fraudsters may also directly contact employees, and using “social engineering” will be able to ascertain useful information that can be used to gain access to systems.

Hacking the PBX to gain access privileges, much like hacking a computer network. This attack type may include denial of service (DoS) attacks, brute force attacks, etc.

Hacking the PBX to gain access to internal computer systems via the link intended for connecting the PBX to the CRM system. This can allow the hacker to access customer data (including credit card information), insert viruses into your system, or otherwise disrupt business by bypassing the firewall.

In the Al Qaeda case they were calling Premium Numbers to charge calls to the enterprise PBXs that were then split with the hacker's and paid to Al Qaeda.

Guest blogging on Peer-to-Peer blog: 2011's Biggest Frauds and Phreaks

I have another Guest Blog published on Channel Partners Magazine’s Peer-to-Peer blog

2011's Biggest Frauds and Phreaks 

It reviews the many news stories about Telecom Fraud that occurred during the year.

Thursday, December 1, 2011

Shssshhhhhh!!!! Al-Qaeda Phreaking!

Humbug Telecom Lab’s Eric Klein will be making a guest appearance on VoIP Users Conference weekly discussion:

Topic:  As shown by the recent arrest in the case of terrorist who were hacking AT&T business customers to fund Al-Qaeda; Telecom Fraud has come a long way from Captain Crunch and Steve Jobs phreaking Ma Bell for fun and glory. It is now big business aimed at stealing from you via your PBX. Let’s discuss actual cases and some things you can do to make sure your PBX is not funding terror.

Friday at December 2nd at 12 Noon Eastern Time (9AM Pacific)