[VoiceOps] A question about some international calling fraud to Eritrea

cololiberty at comcast.net cololiberty at comcast.net
Fri Apr 16 22:17:56 EDT 2010

Most carriers should have a call analyzing software that they use for finding calls. 

empirix hammer, agilient etc. 

We use them for putting together situations like these. 

I seem to recall a method of manipulating a call like this by having a number on the originating switch forward it's incoming calls to another number that can deliver a dial tone and pass the calls through that way. something like that..... 

do you have a calling pattern that you are able to share? I might be interested to scan it past my switches to see if anything is going on as well. 

Any suggestions what I should be asking the long distance carrier who 
>> warned us about this? 

I would be asking for any call details they may be able to give you, call times etc. they may or may not share, it may be proprietary for them. 



----- Original Message ----- 
From: "Matt Yaklin" <myaklin at g4.net> 
To: "Paul Timmins" <paul at timmins.net> 
Cc: VoiceOps at voiceops.org 
Sent: Friday, April 16, 2010 5:50:29 PM GMT -07:00 US/Canada Mountain 
Subject: Re: [VoiceOps] A question about some international calling fraud to Eritrea 

On Fri, 16 Apr 2010, Paul Timmins wrote: 

> Can Fairpoint take the originating trunk group information and date from the 
> LD carrier and correlate them in their cabs records to determine the 
> originating trunk group / line? 

That is exactly what we plan to do as the next step. We are asking our 
long distance carrier for more information. As in the raw CDRs and a 
bit of assistance from them on what value the trunk number matches up 
to their circuits from Fairpoint, etc... 

I am not sure if any of you have worked with Fairpoint since they bought 
out some of Verizon but it is not very much fun to say the least. An ILEC 
is a beast to begin with but then add in a buy out that did not go very 
smoothly... sigh. 

Thanks Paul for the advice. 

matt at G4.net 

> -Paul 
> Matt Yaklin wrote: 
>> Hey all, 
>> I will try to explain this the best I can. 
>> We got a call from one of our long distance carriers today telling us 
>> that we had a spike of long distance international calls going through 
>> their switch. These calls were to Africa and the country name is Eritrea. 
>> The originating number is a customer of ours. The trick is that this 
>> customer uses resold ILEC POTs lines that has their long distance calls 
>> PIC'd to the carrier who called to warn us about the spike of odd call 
>> traffic. 
>> This customer of ours happens to be a large agency in NH who has the 
>> ability to look at CDRs directly from the 5ESS in Concord, NH. A rather 
>> special situation to say the least. 
>> They can state, with quite a bit of assurance, that these calls were not 
>> generated from their PBX/network as they cannot see any records for them. 
>> Also, as I checked earlier, these calls did not go through any of my 
>> switches/asterisk servers. 
>> So the customer and I are left wondering how these calls managed to get 
>> to this long distance carrier who warned us about the spike. The calls 
>> came into this long distance carrier from the Manchester, NH Fairpoint 
>> tandem. 
>> Naturally we will try to contact Fairpoint for assistance but I am not 
>> very hopeful at this point they will be much help. 
>> The long distance carrier who warned us tends to think that the calls 
>> were generated by our customer who has something SIP/PBX insecure but when 
>> the customer has a link to look at CDR records right from the 5ESS he 
>> is rather sure that is not the case. 
>> I am trying to figure out creative ways this fraud can be happening if 
>> the customer is not at fault. One way is for a person who owns/operates 
>> a full blown switch to generate this type of fraud but it does seem 
>> unlikely. 
>> Any suggestions what I should be asking the long distance carrier who 
>> warned us about this? 
>> Any suggestions on how this type of fraud can be committed without 
>> the customer being the cause? 
>> Should I be grilling our customer one more time stating that since 
>> the originating number was theirs AND that it was PIC'd to the right 
>> long distance carrier... it is hard to imagine that someone could 
>> duplicate this fraud that easily? 
>> Thank you for your time. I hope I was clear enough to give you an 
>> idea of what is going on. 
>> matt at g4.net 
>> _______________________________________________ 
>> VoiceOps mailing list 
>> VoiceOps at voiceops.org 
>> https://puck.nether.net/mailman/listinfo/voiceops 
VoiceOps mailing list 
VoiceOps at voiceops.org 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/voiceops/attachments/20100417/8bb1f233/attachment.html>

More information about the VoiceOps mailing list