Hacking PBXs for International Revenue Share Fraud
Tal Eisner
CFCA Winter Educational event
Seattle, WA
October 2013
© 2013 – PROPRIETARY AND CONFIDENTIAL INFORMATION OF CVIDYA

Content
• The PBX hacking challenge – questions to be asked, answers to be given
• Case study from a European operator
– What happened?
– How was it detected?
– Action items and measures taken
• Lessons learned

PBX Hacking
• Global annual damages of over $4B
• Reported incidents have increased dramatically since the introduction and penetration of IP-based PBXs
• Mode of operation has become sophisticated and professional
• IP-based PBX security layers are relatively thin and vulnerable
• Consequences of hacking are extensive, and its financial implications must be addressed

Frequently Asked Questions
• Who’s liable for the calls?
• What is the incentive to commit PBX hacking?
• How does such hacking take place?
• What protective measures can be taken against such hacking?
• How is a PBX being accessed?
• What kind of preventive measures can be taken?

Case Study
Tier 2 operator in Europe detects an organized, sophisticated hacking scheme
• FMS started alerting on high volumes of calls within short time periods to hot-listed risky ranges
• Primary investigation concluded the following:
– Calls had long duration
– All destinations were PRS/IRSF
– Abnormal accumulated volumes in overlapping time frames (e.g., a total of 5 hours in a 45-minute time frame)
– All CDRs had CFW indicators, and optional numbers were present

FraudView Alerts on Abnormal Traffic

Mode of Operation
• Calls come in over IP and port scanning takes place
• Hackers seek an “open port” to use as an international gateway
• To check whether the gate is “open”, hackers use test numbers to make sure the line has international access
• Known test numbers circulate as hot lists in the hacker community
• Once an open gate is established and verified, an immediate surge of calls follows
• Calls are forwarded from the PBX extension to PRS numbers
• ALL calls are transferred to PRS destinations

Forwarding All Calls to PRS Destinations

Online Publications of Test Numbers

Gathering Intelligence on Test Numbers

Detection Process
• Controls on:
– Calls forwarded to international destinations
– Calls by optional numbers to known risky/PRS ranges
– Aggregation of calls to international destinations (mainly PRS)
– Accumulation of calls within a short time frame (e.g., 5 hours in 1 hour)
– Detection of series of calls with similar duration (indication of automatic dialer)

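The controls listed above, sketched as detection logic over call detail records (CDRs). This is an added example, not part of the original slides and not the FraudView implementation; the record fields, the tolerance and run-length thresholds, and every phone number and prefix are constructed assumptions (only the "5 hours in 1 hour" figure comes from the slide).

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed values: +990 stands in for the home country code and the +999x
# prefixes for hot-listed PRS ranges. None of them is a real range.
HOME_PREFIX = "+990"
HOTLIST_PREFIXES = ("+9990", "+9991")


@dataclass(frozen=True)
class CDR:
    start: datetime
    duration_s: int
    optional_number: str   # forwarding party (the PBX extension) on a CFW call
    destination: str
    cfw: bool              # call-forwarding indicator present on the record


def is_international(number):
    return not number.startswith(HOME_PREFIX)


def is_hotlisted(number):
    return number.startswith(HOTLIST_PREFIXES)


def max_accumulated(calls, window):
    """Largest total duration (s) of calls that start inside any one window."""
    calls = sorted(calls, key=lambda c: c.start)
    best = total = left = 0
    for call in calls:
        total += call.duration_s
        # Drop calls that started a full window (or more) before this one.
        while call.start - calls[left].start >= window:
            total -= calls[left].duration_s
            left += 1
        best = max(best, total)
    return best


def longest_similar_run(calls, tolerance_s):
    """Longest run of consecutive calls whose durations differ by at most
    tolerance_s (greedy scan; a run restarts at the call that breaks it)."""
    best = run = lo = hi = 0
    for call in sorted(calls, key=lambda c: c.start):
        new_lo, new_hi = min(lo, call.duration_s), max(hi, call.duration_s)
        if run and new_hi - new_lo <= tolerance_s:
            run, lo, hi = run + 1, new_lo, new_hi
        else:
            run, lo, hi = 1, call.duration_s, call.duration_s
        best = max(best, run)
    return best


def evaluate(cdrs, window=timedelta(hours=1), max_total_s=5 * 3600,
             tolerance_s=5, min_run=5):
    """Return {optional_number: sorted names of the controls that fired}."""
    by_ext = defaultdict(list)
    for c in cdrs:
        # Base control: calls forwarded (CFW) to international destinations.
        if c.cfw and is_international(c.destination):
            by_ext[c.optional_number].append(c)
    alerts = {}
    for ext, calls in by_ext.items():
        hits = {"cfw_international"}
        if any(is_hotlisted(c.destination) for c in calls):
            hits.add("optional_number_to_hotlist")
        if max_accumulated(calls, window) >= max_total_s:
            hits.add("accumulated_duration")       # e.g. 5 hours in 1 hour
        if longest_similar_run(calls, tolerance_s) >= min_run:
            hits.add("similar_duration_series")    # automatic-dialer pattern
        alerts[ext] = sorted(hits)
    return alerts


def sample_cdrs():
    """Constructed CDRs: one abused extension and two ordinary ones."""
    t0 = datetime(2013, 10, 1, 2, 0)
    abused = [CDR(t0 + timedelta(minutes=2 * i), 1800 + (i % 3),
                  "+9905550101", "+9990%06d" % i, True) for i in range(12)]
    ordinary = [
        CDR(t0, 240, "+9905550102", "+9905550199", True),  # domestic forward
        CDR(t0, 600, "+9905550103", "+9995000000", True),  # one foreign forward
    ]
    return abused + ordinary


if __name__ == "__main__":
    for ext, hits in evaluate(sample_cdrs()).items():
        print(ext, hits)
```

Thresholds such as `max_total_s` and `min_run` are the tunable part; the deck's later point that controls must be updated constantly applies to them and to the hot-list prefixes.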
Observations
• Modus Operandi: “Attack” CFW Hacking
• Manipulation of a number/originating number for disguise
• Relating attempt to forward calls straight after option is blocked
• Significant volumes of calls - such acts are not designed for “small change”
• Dominant motivation for hacking is inflation of PRS traffic

Detecting via Optional Number (CFW)

Scanning via Test Numbers for Open Ports

From Reaction to Prevention
• Core of the attack lies in CFW to international traffic
• Action taken:
– Process of CFW INTL deletion on provisioning level
– Request for cancellation of feature for existing and new customers
– Response for exceptions
• Hacker tries any means to disguise his/her identity, carrier, destinations and optional number – quick analysis and response are therefore key!
• ALL calls to known test numbers are being monitored and analyzed
• Restriction of accumulated simultaneous traffic over the PBX

CFW Provisioning by Hacker

Lessons Learned
• Maximum visibility of customer details is a must
• Old methods of simply calling to PBX extensions are gone…
• Controls must be updated constantly
– Thresholds to be tuned
– Destinations to be changed
• SS7 info provides flexible switching info that might be key
• Real-time alerting via email/SMS can prevent large-scale financial impacts
• Cross-company cooperation is essential for profound investigations and deeper understanding of phenomena

THANK YOU!
www.cvidya.com

Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 

PBX Hacking Case Study Reveals International Revenue Share Fraud Detection and Prevention Methods

  • 1. Hacking PBXs for International Revenue Share Fraud
      Tal Eisner, CFCA Winter Educational event, Seattle, WA, October 2013
      © 2013 – PROPRIETARY AND CONFIDENTIAL INFORMATION OF CVIDYA
  • 2. Content
      • The PBX Hacking challenge – questions to be asked, answers to be given
      • Case study from a European operator
          – What happened?
          – How was it detected?
          – Action items and measures taken
      • Lessons learned
  • 4. PBX Hacking
      • Global annual damages of over $4B
      • Reported incidents have increased dramatically since the introduction and penetration of IP-based PBXs
      • Mode of operation has become sophisticated & professional
      • IP-based PBX security layers are relatively thin and vulnerable
      • Consequences of hacking are extensive and its financial implications must be addressed
  • 5. Frequently Asked Questions
      • Who’s liable for the calls?
      • What is the incentive to commit PBX hacking?
      • How does such hacking take place?
      • What protective measures can be taken against such hacking?
      • How is a PBX being accessed?
      • What kind of preventive measures can be taken?
  • 6. Case Study
      Tier 2 operator in Europe detects an organized, sophisticated hacking scheme
  • 7. Case Study
      • FMS started alerting on high volumes of calls within short time periods to hot-listed risky ranges
      • Primary investigation concluded the following:
          – Calls had long duration
          – All destinations were PRS/IRSF
          – Abnormal accumulated volumes in overlapping time frames (e.g., total of 5 hours in a 45-minute time frame)
          – All CDRs had CFW indicators, and optional numbers were present
  • 8. FraudView Alerts on Abnormal Traffic
  • 9. Mode of Operation
      • Calls come in over IP and port scanning takes place
      • Hackers seek an “open port” to use as an international gateway
      • In order to check whether the gate is “open”, hackers use test numbers to make sure the line has international access
      • Known test numbers circulate as hot lists in the hacker community
      • Once an open gate is established and verified, an immediate surge of calls follows
      • Calls are forwarded from the PBX extension to PRS numbers
      • ALL calls are transferred to PRS destinations
  • 10. Forwarding All Calls to PRS Destinations
  • 11. Online Publications of Test Numbers
  • 12. Gathering Intelligence on Test Numbers
  • 13. Detection Process
      • Controls on:
          – Calls forwarded to international destinations
          – Calls by optional numbers to known risky/PRS ranges
          – Aggregation of calls to international calls (mainly PRS)
          – Accumulation of calls within a short time frame (e.g., 5 hours in 1 hour)
          – Detection of series of calls with similar duration (indication of automatic dialer)
  • 14. Observations
      • Modus Operandi: “Attack” CFW Hacking
      • Manipulation of a number/originating number for disguise
      • Relating attempt to forward calls straight after option is blocked
      • Significant volumes of calls - such acts are not designed for “small change”
      • Dominant motivation for hacking is inflation of PRS traffic
  • 15. Detecting via Optional Number (CFW)
  • 16. Scanning via Test Numbers for Open Ports
  • 17. From Reaction to Prevention
      • Core of the attack lies in CFW to international traffic
      • Action taken:
          – Process of CFW INTL deletion on provisioning level
          – Request for cancelation of feature for existing and new customers
          – Response for exceptions
      • Hacker tries any means to disguise his/her identity, carrier, destinations and optional number
          – Quick analysis and response are therefore key!
      • ALL calls to known test numbers are being monitored and analyzed
      • Restriction of accumulated traffic simultaneously over PBX
  • 18. CFW Provisioning by Hacker
  • 19. Lessons Learned
      • Maximum visibility of customer details is a must
      • Old methods of simply calling to PBX extensions are gone…
      • Controls must be updated constantly
          – Thresholds to be tuned
          – Destinations to be changed
      • SS7 info provides flexible switching info that might be key
      • Real-time alerting via email/SMS can prevent large-scale financial impacts
      • Cross-company cooperation is essential for profound investigations and deeper understanding of phenomena
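
The detection controls listed on slide 13, applied to call detail records, as an added example that is not part of the original presentation or of any cVidya product. The CDR field names, the hot-list prefixes, the series thresholds and the sample records are all assumptions constructed for illustration, and the accumulation control is applied to hot-range calls only.

```python
from collections import defaultdict
from datetime import datetime, timedelta

HOT_PREFIXES = ("+99901", "+99902")  # constructed placeholders, not a real hot list
WINDOW = timedelta(hours=1)          # slide 13: "5 hours in 1 hour"
MAX_ACCUM = timedelta(hours=5)
SERIES_LEN, SERIES_TOL = 4, 3        # assumed: 4+ calls whose durations differ by <= 3 s

def detect(cdrs):
    """Return {account: set of control names triggered by its CDRs}."""
    by_acct = defaultdict(list)
    for c in cdrs:
        by_acct[c["account"]].append(c)
    alerts = defaultdict(set)
    for acct, calls in by_acct.items():
        hot = sorted((c for c in calls if c["dest"].startswith(HOT_PREFIXES)),
                     key=lambda c: c["start"])
        # Control 1: call forwarding (CFW) toward a hot-listed range.
        if any(c["cfw"] for c in hot):
            alerts[acct].add("cfw_to_hot_range")
        # Control 2: accumulated duration of calls started within one window.
        lo, total = 0, timedelta()
        for c in hot:
            total += timedelta(seconds=c["duration"])
            while c["start"] - hot[lo]["start"] > WINDOW:
                total -= timedelta(seconds=hot[lo]["duration"])
                lo += 1
            if total > MAX_ACCUM:
                alerts[acct].add("accumulated_volume")
        # Control 3: run of near-identical durations (automatic dialer indicator).
        run = 1
        for prev, cur in zip(hot, hot[1:]):
            run = run + 1 if abs(cur["duration"] - prev["duration"]) <= SERIES_TOL else 1
            if run >= SERIES_LEN:
                alerts[acct].add("similar_duration_series")
    return dict(alerts)

# Constructed sample CDRs (no real accounts or numbers).
T0 = datetime(2013, 10, 1, 2, 0)
SAMPLE = [{"account": "pbx-A", "start": T0 + timedelta(minutes=2 * i), "cfw": True,
           "dest": "+9990155500%02d" % i, "duration": 2699 + i % 3} for i in range(8)]
SAMPLE += [
    {"account": "pbx-B", "start": T0, "cfw": False, "dest": "+99800555001", "duration": 180},
    {"account": "pbx-B", "start": T0 + timedelta(hours=3), "cfw": False,
     "dest": "+99800555002", "duration": 420},
    {"account": "pbx-C", "start": T0, "cfw": True, "dest": "+99902555001", "duration": 35},
]

if __name__ == "__main__":
    for account, controls in sorted(detect(SAMPLE).items()):
        print(account, sorted(controls))
```

In the sample, pbx-A accumulates just under six hours of forwarded calls started within 14 minutes, which is only possible with many simultaneous calls and matches the overlapping-volume pattern from the case study; pbx-C shows that a single short forwarded call to a hot range still raises the CFW control on its own.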